-1

I'm installing CentOS 6.1 on a server and exploring the encryption settings in combination with software RAID.

  • Should I encrypt the drive partition, the software RAID device, or both?
  • Should I encrypt swap?

Wondering the pros/cons of each approach in case I mentally missed something.

Thanks

Rob Olmos
  • 2,240
  • 1
  • 15
  • 26

1 Answers1

0

What sense should there be in encrypting both the md device and the underlying block device? It just slows things down.

Also, when using a RAID and encrypting the physical device, you would effectively encrypting the same set of data multiple times, again slowing things down.

As for encrypted Swap space: There can be intersting data in swapped out memory, but it depends on your threat model. If I would use encrypted disks, I would also encrypt swap space.

Sven
  • 98,649
  • 14
  • 180
  • 226
  • OK so should I encrypt the partition or the MD device? – Rob Olmos Dec 16 '11 at 18:47
  • @RobOlmos: Did you actually read my answer? If you encrypt the basic physical devices (possibly the partitions) of a software RAID, you will need to do the encryption multiple times, without any security benefit. – Sven Dec 16 '11 at 18:51