
USB HDD with Loop-AES/LUKS


http://www.linuxquestions.org – I've been experimenting with Loop-AES and LUKS for a few weeks now. For test purposes, I set up a RAID-1 array. The array is encrypted with LUKS, and then a Loop-AES system sits on top of that. Basically, I have a mount script I wrote that asks for both passwords then mounts the volume in /mnt where I can access it like a regular drive.

My goal: To do this with the external USB HDD, and keep the LUKS and Loop-AES keys on a CD in my SCSI CD drive, so it automatically mounts on boot. The contents of the drive are needed by Apache, so it has to automatically mount during boot somehow. I figure I can achieve the auto mount part by writing up an init script to mount it with the key files off the CD.

I know it's probably pointless to use both LUKS and Loop-AES for this, but if at all possible, I'd like to. I don't see why it won't work, it works with the internal RAID-1 array.

Nothing on the drive is actually of any security concern, it's simply the fact that too many people are probably crazy enough to come through the window to get it, so I want to make double sure if that does happen they have a useless drive. It hosts my media library, which I can VPN into from my phone. Auth over SSL over VPN tunnel. I'm always a bit paranoid...

So far, the pros & cons list:

+ Stealing the drive leaves the thief with nothing
+ Makes it less tempting to steal knowing it's useless
+ If someone tries to copy the data off it while it's connected, unmount/kill power.
+ CD can be removed and securely stored after boot.
- CD has to be in for boot
- Slower than just reading/writing to the drive
- More CPU load

Anyone care to chip in with comments/advice?