On 2015-06-03 01:16, Sebastian Nielsen wrote: > If you only are worried by backups or other copies that might come in > the wrong hands, and not someone directly accessing the server, I would > suggest setting up a encrypted storage in the server. Since VPS/VM in > many times give you root access, you could easily set your virtual > machine to be encrypted with LUKS, and then you have to type a password > each time the VM boot.
using LUKS has some disadvantages here: 1) somebody has to type remotely the password every time the machine boots. This is very impractical 2) LUKS is only effective when the machine is turned off. Once LUKS is mounted (decrypted) data can be read and encryption key recovered 3) if ever, somebody gains access to the decryption key (see 2) all emails ever received are accessible. Besides, for the sake of argument, we can assume that I already have LUKS, but want to have another layer. These two things are not mutually exlusive.
