Do you also run the hypervisor? Because if you are not, then the host can dump your guest's memory and retrieve the luks passphrase from there AFAIK. Who are you hiding from?
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "James B. Byrne" <byrn...@harte-lyne.ca> > To: centos@centos.org > Sent: Wednesday, 22 October, 2014 20:32:32 > Subject: [CentOS] Q. LUKS or ecryptfs-utils ? > I am now investigating encrypting our IMAP user spool files. Does anyone have > experience with handling encrypted data stores using either or both of the > subject methods and would care tio share their observations? Which is the > preferred method (I know: it depends, but on what?)? What administrative > pain does each cause? > > Our IMAP host is a KVM guest so spinning up a duplicate and simply copying the > data to an encrypted device or filesystem is not a very big deal. We can live > with manually mounting the file system and providing a pass-phrase at boot. > we are also looking into a semi-auto USB based solution to that issue. > > -- > *** E-Mail is NOT a SECURE channel *** > James B. Byrne mailto:byrn...@harte-lyne.ca > Harte & Lyne Limited http://www.harte-lyne.ca > 9 Brockley Drive vox: +1 905 561 1241 > Hamilton, Ontario fax: +1 905 561 0757 > Canada L8E 3C3 > > _______________________________________________ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
