You are not logged in.

#1 2010-06-04 06:59:13

Garret
Member
From: Palermo, Italy
Registered: 2006-07-09
Posts: 172

Some questions about encryption

I would encrypt my drive where Archlinux is installed following this guide on the wiki. But I have some questions:

1) Using the AES encryption, as recommended, all operations will be more slower than without encryption? If yes how much slower? I wonder if the game worth the candle at this point.

2) Does encryption work pretty well with old computers too? And with netbooks?

3) Does encryption stress more the hard drives?

4) One of my greatest fear is that I upgrade my arch box as usual and when I reboot my pc I can't access my data for some reason. I mean, is it possible always have the security to recover data with simple tools?

5) If I would encrypt only a folder is it more convenient and easier use truecrypt than dm-crypto?

Offline

#2 2010-06-04 08:16:39

toffyrn
Member
Registered: 2008-10-07
Posts: 221

Re: Some questions about encryption

1) I don't think you will notice a big performance hit, (until you run some benchmarking...)
2) Of course, but with fewer resources the performance hit will be slightly larger.
3) No. The decryption algorithm will stress the CPU, however not much.

4) This is a more tricky part. You can use the same tools as before, but you have to decrypt the data somewhere in the process.  The only good solution seems to be a backup (even without encryption).   

5) I don't know wich tool is the best for this. There are a number of possibilities:
    http://www.debianadmin.com/filesystem-e … linux.html

Last edited by toffyrn (2010-06-04 08:17:55)

Offline

#3 2010-06-04 08:30:45

Nullw0rm
Member
Registered: 2010-01-21
Posts: 16

Re: Some questions about encryption

1-3: You should read up about the AES algorithm and its performance, through various benchmarks of my own with hdparm/others compiled my old unencrypted SATA ext3 partition clicked at  131.9MB/s compared to encrypted 65.8MB/s but both results were skewed on multiple runs.

kcryptd will certainly take up a bit of CPU time and may limit the write/caching speed but not by too much, my tests were on an old Celly (Celeron M laptop) which should answer your older system question, and It doesn't stress the hard disk much, a insignificantly marginal percentage.

4:
http://wiki.archlinux.org/index.php/Sys … ryptheader

5:
I don't think anyone can say for certain which is faster, but it'd look to be better if you were only encrypting a folder. You'd need to run your own benchmarks to answer that question with truecrypt.

Last edited by Nullw0rm (2010-06-04 08:35:48)

Offline

#4 2010-06-04 16:50:23

Stebalien
Member
Registered: 2010-04-27
Posts: 1,237
Website

Re: Some questions about encryption

You can use a userspace encryption program (ecryptfs or encfs) if you want to encrypt only one folder. This method is generally easier to setup than truecrypt/dm-crypt as it does not require repartitioning and/or root access. IMHO home directory encryption is the best way to go.

Last edited by Stebalien (2010-06-04 16:51:13)


Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com

Offline

#5 2010-06-04 18:58:49

Garret
Member
From: Palermo, Italy
Registered: 2006-07-09
Posts: 172

Re: Some questions about encryption

Stebalien wrote:

IMHO home directory encryption is the best way to go.

Infact at the end I think I'll encrypt only my home directory with ecryptfs following this guide.

Thanks all for your precious answers smile

Offline

Board footer

Powered by FluxBB