Hosting Provided By

Re: Encrypting drive

From: Goswin von Brederlow <brederlo(at)informatik.uni-tuebingen.de>
Date: Fri Jul 20 2007 - 03:46:02 EDT

Russell Coker <russell@coker.com.au> writes:

> On Monday 02 July 2007 11:35, Anders Breindahl <skrewz@skrewz.dk> wrote:
>> In servers, you might want to trust physical security, since
>> whole-system encryption incurs a performance degradation. (However, on a
>> reasonably recent system, you still will be bottlenecked by Fast
>> Ethernet at 100Mb/s).
>
> Where "reasonably fast" means faster than a 3GHz P4. A 3GHz P4 system I was
> working on recently appeared to be limited to 4MB/s, if it wasn't for the
> fact that the machine is about to be decommissioned then I would probably
> investigate this further as the performance is lower than expected.
>
>> However, if you should choose to encrypt only, say /home, you'd need to
>> make sure that data won't ``sieve'' onto the unencrypted parts of the
>> system, such as /tmp or swap space.
>
> True. But the advantage to encrypting only some partitions is that you can
> get better performance for non-secret data.

Then you might be even better served with encryptfs and make it even more selctive.

MfG

Goswin

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Fri Jul 20 03:47:57 2007

This message: [ Message body ]
Next message: pvollenweider(at)jahia.com: "Re: [SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several"
Previous message: Florent.BERRY(at)valeo.com: "Florent BERRY est absent(e)."
In reply to: Russell Coker: "Re: Encrypting drive"
Next in thread: Goswin von Brederlow: "Re: Encrypting drive"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 19:05:21 EDT