[plug] Encrypted WD Mybook Live

Brad Campbell brad at fnarfbargle.com
Tue Nov 13 13:29:22 WST 2012

G'day All,

I was recently away on holiday and had a nasty thought. "What if someone 
broke in and stole all my computers". It's not the loss of the machines, 
they are covered by insurance. It's not the loss of the data as it is 
comprehensively backed up and rotated off site.

The issue is the potential leakage of sensitive information.

I have systems in two geographically close, but individually secured 
buildings and they cross backup. The desktop machines (being MacOS, 
Linux & Windows) all back up to a local WD Mybook Live (with afs, nfs & 
samba respectively).

Poking around inside the Mybook showed it to be a relatively standard 
Debian lenny install, so I compiled up dm-crypt modules and set about 
replacing the standard data volume mount with an encrypted version.

The device runs a script from /etc/crypttab that brings up the network 
interface and obtains the passphrase from a remote server. Aside from a 
significant reduction in the IO speed the device works just as it did 
out of the box, however now if it gets nicked I know the data is useless.

Along the same vein, I have a server with 6 240GB SSD's configured as 
RAID10,n2 and using dm-crypt on that array has made a negligible 
difference in throughput and latency.

This is my first time playing with dm-crypt, and I've been pleasantly 
surprised at how fast it is on machines with AES-NI, and how easy to use 
it is in general.

It's not going to protect me against someone gaining physical access to 
the network, however at least I'm covered against the common thug.

More information about the plug mailing list