[CentOS] Q. LUKS or ecryptfs-utils ?

Wed Oct 22 22:52:09 UTC 2014
Nux! <nux at li.nux.ro>

Do you also run the hypervisor? Because if you are not, then the host can dump your guest's memory and retrieve the luks passphrase from there AFAIK. Who are you hiding from?

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "James B. Byrne" <byrnejb at harte-lyne.ca>
> To: centos at centos.org
> Sent: Wednesday, 22 October, 2014 20:32:32
> Subject: [CentOS] Q. LUKS or ecryptfs-utils ?

> I am now investigating encrypting our IMAP user spool files.  Does anyone have
> experience with handling encrypted data stores using either or both of the
> subject methods and would care tio share their observations?  Which is the
> preferred method (I know: it depends, but on what?)?   What administrative
> pain does each cause?
> 
> Our IMAP host is a KVM guest so spinning up a duplicate and simply copying the
> data to an encrypted device or filesystem is not a very big deal.  We can live
> with manually mounting the file system and providing a pass-phrase at boot.
> we are also looking into a semi-auto USB based solution to that issue.
> 
> --
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos