Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [disk-encryption]

132 questions
4
votes
1 answer

Encrypt disks using SED and store keys in TPM?

I'm buying servers lately and all of them have disks that support TCG Opal full-disk encryption (aka SED). What I'd like to do is: Store data encrypted-at-rest on the disks (NVMe & SAS). Not be required to enter a password/passphrase at server…
Evan
  • 307
  • 1
  • 4
  • 12
4
votes
1 answer

Enabling Disk Encryption on DC S 3700?

I have a server running Debian stable with two 100GB Intel DC S 3700 drives in a Linux MD RAID 1. According to Intel, these drives support 256-bit AES encryption and I would like to encrypt the data written to these drives in order to tick a new box…
StaringSkyward
  • 115
  • 2
  • 4
4
votes
1 answer

Possible to set encryption block size in LUKS?

When I do a benchmark test modprobe tcrypt sec=2 mode=200 I see that different encryption block sizes are used test 0 (128 bit key, 16 byte blocks): 4460604 operations in 2 seconds (71369664 bytes) test 1 (128 bit key, 64 byte blocks): 1747179…
Sandra
  • 10,303
  • 38
  • 112
  • 165
4
votes
2 answers

Variable size encrypted container

Is there an application similar to TrueCrypt, but the one that can make variable size containers opposed to fixed-size or only-growing-to-certain-amount containers which can be made by TrueCrypt? I want this container to be able to be mounted to a…
Cray
  • 210
  • 3
  • 9
4
votes
1 answer

Very slow write performance on Debian 6.0 (AMD64) with DMCRYPT/LVM/RAID1

I'm seeing very strange performance characteristics on one of my servers. This server is running a simple two-disk software-RAID1 setup with LVM spanning /dev/md0. One of the logical volumes /dev/vg0/secure is encrypted using dmcrypt with LUKS and…
jdelic
  • 41
  • 2
4
votes
2 answers

Encrypt remote linux server

One of my customers has requested that their web server is encrypted to prevent offline attacks to highly sensitive data contained in a mysql database and also /var/log. I have full root access to the dedicated server at a popular host. I am…
Michelle
  • 923
  • 5
  • 20
  • 30
3
votes
1 answer

Wiping Bitlocker Drive Key Sector

I have a 4TB drive that has been bitlocker encrypted (via password) since day one and want to wipe it before I sell it used. The process looks like it's going to take 100+ hours via nwipe but I was wondering if there was any public info on what…
Nuvious
  • 165
  • 1
  • 6
3
votes
2 answers

Azure Disk Encryption without Azure AD

According to Microsoft's documentation and examples, it should be possible to configure Azure Disk Encryption without using Azure AD; for example at https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-windows we have the…
Maximus Minimus
  • 8,987
  • 2
  • 23
  • 36
3
votes
2 answers

eCryptfs headers errors

I'm getting the following error on a server where a partition is encrypted thru ecryptfs. [3440851.003561] Valid eCryptfs headers not found in file header region or xattr region, inode 22545087 [3440830.026081] Valid eCryptfs headers not found in…
ohe
  • 145
  • 1
  • 7
3
votes
1 answer

How secure is information on a LUKS encrypted backup media?

Imagine confidential information (certificates, keys, whatever) stored on an LUKS encrypted backup disk containing for example an ext4 file-system. AFAIK such a device contains a key file which is in turn encrypted with some pass-phrase. Suppose…
pefu
  • 679
  • 1
  • 6
  • 24
3
votes
2 answers

cryptsetup luksOpen key-file does not work

I am getting "No key available with this passphrase." when trying: sudo cryptsetup open --type luks /dev/sdc storage --key-file=/path/to/keyfile The /path/to/keyfile file contains just the passphrase in plain text. If I enter the same passphrase…
Greendrake
  • 1,391
  • 2
  • 13
  • 22
3
votes
1 answer

Resting Encryption on iSCSI SAN in Hyper-V Environment

I have a need to implement resting encryption of data within our environment. Basically, we have a Hyper-V virtual server named FILER01 that runs Windows Server 2012 that is has a direct iSCSI connection to a LUN on our DELL MD3200i iSCSI SAN. …
bigmac
  • 459
  • 3
  • 8
  • 18
3
votes
4 answers

Is there such thing as hardware encrypted raid disk?

I have a server for which I want to protect the content. The server is located on a clients premises. Is there a way to encrypt the content of a RAID DISK (at hardware level) ? What I need is that the server will not be able to start as long as the…
Dumitrescu Bogdan
  • 143
  • 1
  • 1
  • 5
3
votes
1 answer

Disable asking for a passphrase without having to re-make the encrypted partition

I have a server which I set up with its root partition totally encrypted. I urgently need to disable the passphrase dialog at startup because it is not letting the server boot up after an electricity cut, it happened already. Is there any way to…
user134316
3
votes
2 answers

Security of BitLocker with no PIN from WinPE?

Say you have a computer with the system drive encrypted by BitLocker and you're not using a PIN so the computer will boot up unattended. What happens if an attacker boots the system up into the Windows Preinstallation Environment? Will they have…
Scott Bussinger
  • 1,801
  • 4
  • 24
  • 27
1
2
3
8 9