Re: Idea: Encryption plugin architecture for file-systems

Dale Amon (amon@vnl.com)
Mon, 23 Apr 2001 21:12:38 +0100


Talk about syncronicity... I had just last week asked
about the pro's and con's on this on the crypto list and
have heard nothing at all back. So I'll drop the body
of that message in here:

--
I've got a crypto loopback running directly on a /dev/md0
partition and then the file system on top of that. I'm
interested in what the feelings of others are on the
trade offs of doing it this way.

Is there something to be gained by adding a file system layer between the /dev/md0 and the loopback file as far as error recovery is concerned?

Do I actually gain performance (as I am guessing currently that I do) by eliminating one layer?

It's just a plaything right now, but I'd be interested in some feedback on the wisdom of it before I actually use this on something important. So just to reiterated:

fs fs c. loopback c. loopback vs fs raid1 raid1 disk disk disk disk

where fs = ext2 until this evening when I replace it with reiserfs.

--

And update by saying I've got reiserfs working on top of it with no problems. But I'm still just that wee bit nervous about the approach even though it works.

What happens if I get one bad disk sector in a partition? What is the difference in data loss between encrypting on the bare partition versus having say, a reiserfs under you?

(Obviously RAID doesn't save you. It will just merrily reproduce the bad sector on the mirror disk)

-- 
------------------------------------------------------
Use Linux: A computer        Dale Amon, CEO/MD
is a terrible thing          Village Networking Ltd
to waste.                    Belfast, Northern Ireland
------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/