So, This is what I've done so far:
1. install mdadm and create RAID1, sync'd overnight:
Code:
geoff@geoff-P5K:~$ sudo mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Tue Feb 5 20:13:33 2013
Raid Level : raid1
Array Size : 1953382208 (1862.89 GiB 2000.26 GB)
Used Dev Size : 1953382208 (1862.89 GiB 2000.26 GB)
Raid Devices : 2
Total Devices : 2
Persistence : Superblock is persistent
Update Time : Wed Feb 6 10:18:22 2013
State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
Spare Devices : 0
Name : geoff-P5K:0 (local to host geoff-P5K)
UUID : 60efee9a:a26d5deb:646f600d:aa22472b
Events : 19
Number Major Minor RaidDevice State
0 8 17 0 active sync /dev/sdb1
1 8 33 1 active sync /dev/sdc1
Then created the encryption with cryptsetup and LUKS, and did a luks dump:
Code:
geoff@geoff-P5K:~$ sudo cryptsetup luksDump /dev/md0
LUKS header information for /dev/md0
Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 4096
MK bits: 256
MK digest: 13 e6 e4 b1 6c 62 f3 29 c1 e7 52 e1 bf 19 de 07 b0 95 17 2f
MK salt: b4 be 44 4b ef 2e d5 02 e5 2a 69 ff 20 ea 33 e7
e2 8c 4c 88 77 aa b0 e2 d6 3f af 06 67 9e 65 ee
MK iterations: 41125
UUID: 73c979c4-cba3-4ba0-b793-8bd3f4ee3814
Key Slot 0: ENABLED
Iterations: 164831
Salt: 0d 3b 19 09 87 0e 74 f3 8d 87 7f 36 c5 72 61 9d
5d e0 f0 52 f9 18 0c 80 91 56 aa 4e 86 dc 47 f2
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Is there anything I'm missing? any suggestions for "hardening" the encryption?
I will admit my passphrase is weak, only 16 characters, alpha-numeric, with no special characters...I may just change that before starting to use this RAID1...