HOWTO encrypt an existing filesystem with dmcrypt and dd
nielchiano wrote:
I'm no LUKS expert either, but according to the info I read, LUKS is acting more like a "header" It occupies the first N blocks of the partition. The crypto-data starts at sector N+1.
You can check that by creating a non-LUKS cryptomap and compare the offsets in dmtable:
loopcrypto: 0 20480 crypt aes-cbc-plain XXXXXXXX 0 7:0 0

loopcryptoLUKS: 0 19448 crypt aes-cbc-essiv:sha256 XXXXXXXX 0 7:0 1032

(format is documented here:
You can see that the luks-partition is offset by 1032 sectors from the beginning. In other words: the first 1032 sectors contain the LUKS header specifying the different keys that can be used to unlock the partition.
The (encrypted) filesystem doesn't even SEE the LUKS-data, just like it doesn't see the previous partition of the disk.
so this is correct:
depontius wrote:
then LUKS is essentially a "container partition", meaning it sits *raw* inside a partition, and then itself acts like a partition to the filesystem it's hosting

Now why can't I ever expalin things that clearly?


This is what I came up with to try to create a picture of the layout;
( physical disk ( partition ( ( luks header ) ( dmcrypt mapping ( filesystem ) ) ) ) )

I'm extremely new to hard drive encryption, infact this article is only the second one I've read on the subject. I'm curious what are the disadvantages of encrypting your partition. I would imagine that read/write would be slowed a bit due to the overhead of encrypting and decrypting the data, but are there any others?

Edit: Also, what is the disadvantage of increasing the key-size, does it just slow down read/write the large the key-size? What is an ideal key-size to protect my data? Does it depend on the cipher I choose?
Recently someone ran a test about efficiency of ecrypted filesystem, it was veeeeeeery little difference, I can confirm that ;)
