Security Basics mailing list archives

Re: Full disk encryption options


From: aragonx () dcsnow com
Date: Tue, 13 Jan 2009 11:35:59 -0500 (EST)

Hi,

Can you clarify why you need this behaviour in the first place (ie, under
what circumstances the server will be shut down)??

Mounting without manual password entry would be most useful in case of
recovering from unexpected outages, but this is the opposite of what
you're asking for. Occasional restarts for maintenance (in presence of
admin) wouldn't require such a facility. So, I conclude that you're
possibly talking about a machine which you shut down on (eg) a daily basis
when everyone goes home?

This machine is always on.  What I'm trying to protect against is someone
taking the hardware and then trying to recover the information on it. 
Most of the time, I am remote and there are occasional power outages (for
which I don't have enough protection).  The machine is set to come back on
when AC is restored.  Therefore I would need the volumes mounted
automatically.

One of the things that I am considering encrypting is the volumes that
store my email (/home and /var).  I think the machine will operate fine
without /home but /var (for the mail spool) might be an issue.  Especially
since it is my email server.

I like the idea of having another computer store the key.  However, this
computer would have to be at a remote location.  If someone steals one
computer, they would probably steal them all (at that location).  So far
this is the best solution I've heard.  Thank you.

---
Will Y.




