@v_d_richards kommt drauf an.
wenn jene Platten nicht verschlüsselt sind sollte nen #fstab-Eintrag das lösen.
Muss mal schaum ob sich das öffnen als Befehl automatisieren ließe als Skript...
@tokyo_0 #TrueCrypt is #abandonware with serious security issues.
Use #VeraCrypt or even better: migrate machines to #Linux and use #LUKS / #dmcrypt instead, as it's the best option at hand.
@arrjay what pisses me off about every single distro for the #RaspberryPi is that none of them have #FeatureParity to their #Desktop parts for no good reason.
Something we had on @ubuntu / #Ubuntu 7.04 & @opensuse / #OpenSUSE 10.2 from day 1!
Frage an die datenschützenden SysAdmins und angewandten IT-Sicherheitsforschenden unter euch:
Bietet #Festplattenverschlüsselung in einem angemieteten #VPS auf #KVM-Basis einen wirkungsvollen #Datenschutz?
Dieser Text hat mich verunsichert: https://lowendbox.com/blog/how-private-is-your-hosted-data-really-even-that-encrypted-stuff/
@sebsauvage @breizh @nixCraft OFC one can basically use #dmcrypt to encrypt any FS transparently, and besides #ZFS and it's #VolumeManager that's part of the #Filesystem this should just work...
I mean: Just because you ~can~ put NTFS or exFAT in a LUKS container doesn't mean you should...
@ernstdemoor @nixCraft that's because on basically all #Linux #Filesystems, #RAID and #Encryption is handled by dedicaded subsystems like #dmraid and #dmcrypt / #LUKS respectably, thus not on filesystem but OS level...
This allows extra cursed shit like a an encrypted & RAID-5 running NTFS - Tho that won't be useable by anything but Linix and I disrecommend it almost as hard as mixing hardware RAID controllers and/or dmraid with ZFS.
Remember: NEVER EVER LIE TO ZFS!!!
Turns out, #LVM #RAID-1 with #dmintegrity over two separate physical disks and then putting a #dmcrypt device on top of the RAID is really slow. As in, it's estimating to take a week to do the initial sync on the two 12TB WD Red drives on SATA. (For comparison, zeroing out one of these disks should take 8 hours or something.)
Apparently it's a somewhat-known problem with dm-integrity, related to its journal.
How would you build something bitrot-safe & encrypted with that hardware? #Debian 12.
@joepie91 Don't forget:
- #Mumble for #VoiceChats
- #Linphone as #SIP / #VoIP client
- #gparted and #ddrescue as well as #testdik & #photorec for halding storage and recovering data.
And ofc all the tools I need daily like #SSH (#OpenSSH), #OpenVPN, #WireGuard, #IPsec, #pfSense, #OPNsense, #ipFire, #LUKS/ #dmcrypt and the whole #toolchain needed for OS/1337 like #gcc, #musl, #toybox, #dropbear and so on.
Is there a good way to have a #Linux server reboot unattended when the root partition is dm_crypt encrypted? I'm not super worried about bad guys being physically present. More just worried that a power outage might initiate a reboot while I am not present.
Is including the key file in the initramfs (correct terminology?) that horrible a thing if physical access to the machine is not a concern?
Thoughts or advice?
