Hacker News new | comments | ask | show | jobs | submit login

I think it may be prudent to begin encrypting all data on disk that can reasonably be encrypted while being able to set up the server remotely so that no one can just snatch your server and get all your data.

This could work by encrypting your database in a truecrypt volume that must be mounted by entering the password. Thus, the data is only ever saved on disk in encrypted form, and the key to access the data is not saved on the disk. Of course, it is still in principle possible for anyone to access that information if they have physical access to the computer while it's running, but at least this makes that much harder.




How fast is Truecrypt? How much would this slow down database and file access?


Truecrypt is significantly slower, especially on the higher strength encryption methods. The program itself has a benchmark in it, so download it and check it out for yourself if you're that curious. (Note that it is relative to your hard drive's speed)


I don't know. It would obviously slow down database access. It would be nice if someone tested this.


I suspect this would only be reasonably applicable if you manage to reduce disk accesses to the very minimum. I'm not very familiar with these setups, but I assume they slow down disk accesses quite a lot.


Yeah, and watch your database IOPs fall by 1000x.

It's not feasible to run databases on encrypted block devices. Some databases let you encrypt certain tables or columns, though.


I don't think this is reasonable. If you lose power, the the volume is toast as I understand it.


if i'm understanding you correctly, you're wrong. it's just another layer in the system (one more function in the mapping from your data to magnetic patterns - a function that's completely reasonable, predictable, etc, just hard to guess). the problem is that you need to enter the password on boot, which makes automated startup difficult.

for example, my laptop disk's main partition is encrypted. i need to enter the password when i boot, but nothing terrible happens if i lose power or the system crashes or whatever.


Obviously you should back it up, like you would be doing anyway.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: