Old 02-05-2013, 08:38 PM   #1
ch33zw1z
Lifer
 
Join Date: Nov 2004
Location: Ten Forward
Posts: 13,084
Ubuntu 12.04, mdadm mirror, encryption

I'm setting up a RAID1 using mdadm, and was wondering what other people here may use for storage encryption...
__________________
Heatware

Old 02-06-2013, 06:54 AM   #2
Jodell88
Diamond Member
 
Join Date: Jan 2007
Location: Salamandastron
Posts: 6,785

https://wiki.archlinux.org/index.php/LUKS
__________________
“Defend the weak, protect both young and old, never desert your friends. Give justice to all, be fearless in battle and always ready to defend the right." - The law of Badger Lords
Old 02-06-2013, 08:07 AM   #3
ch33zw1z
Lifer
 

Thanks, I'll check it out
Old 02-06-2013, 09:27 AM   #4
ch33zw1z
Lifer
 

So, this is what I've done so far:

1. Installed mdadm and created the RAID1, sync'd overnight:

Code:
geoff@geoff-P5K:~$ sudo mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Tue Feb  5 20:13:33 2013
     Raid Level : raid1
     Array Size : 1953382208 (1862.89 GiB 2000.26 GB)
  Used Dev Size : 1953382208 (1862.89 GiB 2000.26 GB)
   Raid Devices : 2
  Total Devices : 2
    Persistence : Superblock is persistent

    Update Time : Wed Feb  6 10:18:22 2013
          State : clean 
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

           Name : geoff-P5K:0  (local to host geoff-P5K)
           UUID : 60efee9a:a26d5deb:646f600d:aa22472b
         Events : 19

    Number   Major   Minor   RaidDevice State
       0       8       17        0      active sync   /dev/sdb1
       1       8       33        1      active sync   /dev/sdc1

Then created the encryption with cryptsetup and LUKS, and did a luks dump:

Code:
geoff@geoff-P5K:~$ sudo cryptsetup luksDump /dev/md0
LUKS header information for /dev/md0

Version:       	1
Cipher name:   	aes
Cipher mode:   	cbc-essiv:sha256
Hash spec:     	sha1
Payload offset:	4096
MK bits:       	256
MK digest:     	13 e6 e4 b1 6c 62 f3 29 c1 e7 52 e1 bf 19 de 07 b0 95 17 2f 
MK salt:       	b4 be 44 4b ef 2e d5 02 e5 2a 69 ff 20 ea 33 e7 
               	e2 8c 4c 88 77 aa b0 e2 d6 3f af 06 67 9e 65 ee 
MK iterations: 	41125
UUID:          	73c979c4-cba3-4ba0-b793-8bd3f4ee3814

Key Slot 0: ENABLED
	Iterations:         	164831
	Salt:               	0d 3b 19 09 87 0e 74 f3 8d 87 7f 36 c5 72 61 9d 
	                      	5d e0 f0 52 f9 18 0c 80 91 56 aa 4e 86 dc 47 f2 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Is there anything I'm missing? Any suggestions for "hardening" the encryption?

I will admit my passphrase is weak, only 16 characters, alpha-numeric, with no special characters...I may just change that before starting to use this RAID1...
Old 02-06-2013, 11:03 AM   #5
Nothinman
Elite Member
 
Join Date: Sep 2001
Posts: 30,672

You're already using AES-256, which as far as I know has no currently exploitable holes and will take effectively infinite time to brute-force. Your passphrase is the most important part of that equation because any tool worth using is just a fancy kind of brute-force attack.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
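
An added example, not part of any post in this thread: it parses the header fields shown in the post #4 dump and compares the search space of a 16-character alphanumeric passphrase with the 256-bit master key, which is the comparison post #5 points at. The 62-symbol alphabet and a uniformly random choice of characters are assumptions; a human-chosen passphrase has less entropy than this upper bound.

```python
import math
import re

# Fields copied from the luksDump in post #4; digest and salt lines omitted.
SAMPLE_DUMP = """\
LUKS header information for /dev/md0
Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
MK bits:        256
Key Slot 0: ENABLED
    Iterations:             164831
    AF stripes:             4000
Key Slot 1: DISABLED
"""

def parse_luks1_dump(text):
    """Return (header fields, {enabled slot number: PBKDF2 iterations})."""
    header, slots, current = {}, {}, None
    for line in text.splitlines():
        m = re.match(r"Key Slot (\d+): (ENABLED|DISABLED)", line)
        if m:
            current = int(m.group(1)) if m.group(2) == "ENABLED" else None
            continue
        key, sep, value = line.partition(":")
        if not sep:                      # title line or hex continuation line
            continue
        if line[:1].isspace():           # indented: belongs to a key slot
            if current is not None and key.strip() == "Iterations":
                slots[current] = int(value)
        else:
            header[key.strip()] = value.strip()
    return header, slots

def report(text, length=16, alphabet_size=62):
    """Compare passphrase search space (assumed uniformly random) to the key size."""
    header, slots = parse_luks1_dump(text)
    bits = length * math.log2(alphabet_size)
    return {
        "cipher": header["Cipher name"] + "-" + header["Cipher mode"],
        "mk_bits": int(header["MK bits"]),
        "passphrase_bits": round(bits, 1),
        # PBKDF2 stretching multiplies the cost of each guess by the iteration count
        "stretch_bits": {s: round(math.log2(n), 1) for s, n in slots.items()},
        "passphrase_is_weakest_link": bits < int(header["MK bits"]),
    }

if __name__ == "__main__":
    print(report(SAMPLE_DUMP))
```

The same parser accepts the full `cryptsetup luksDump` text from post #4, since the multi-line salt and digest continuation lines carry no field name and are skipped.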
Old 02-07-2013, 06:58 AM   #6
ch33zw1z
Lifer
 

Just an update in the case that someone reads this thread and tries it out, I ran into this after my first reboot: http://ubuntuforums.org/showthread.php?t=1764861%29

I commented out the user name at the end of the mdadm.conf file and rebooted, back to md0. Last line of the .conf:

Code:
# mdadm.conf
#
# Please refer to mdadm.conf(5) for information about this file.
#

# by default (built-in), scan all partitions (/proc/partitions) and all
# containers for MD superblocks. alternatively, specify devices to scan, using
# wildcards if desired.
#DEVICE partitions containers

# auto-create devices with Debian standard permissions
CREATE owner=root group=disk mode=0660 auto=yes

# automatically tag new arrays as belonging to the local system
HOMEHOST <system>

# instruct the monitoring daemon where to send mail alerts
MAILADDR root

# definitions of existing MD arrays

# This file was auto-generated on Tue, 05 Feb 2013 19:52:48 -0500
# by mkconf $Id$
ARRAY /dev/md/0 metadata=1.2 UUID=60efee9a:a26d5deb:646f600d:aa22472b 
#name=geoff-P5K:0
Old 04-15-2013, 02:50 PM   #7
ch33zw1z
Lifer
 

Bump. So I want to migrate this to a new install of the same version of Linux. I'm having a bit of trouble finding a procedure...

Anyone have experience or advice moving a RAID1 + encryption to a new install? Only piece of hardware that will be changing is the OS drive.

All times are GMT -5. The time now is 02:41 AM.

