This is what I set up for backups recently using a cheap USB-enclosure which can house 2 SATA disks and shows them as 2 USB mass-storage devices to my system (using only one USB cable). Without any further introduction, here goes the HOWTO:
First, create one big partition on each of the two disks (/dev/sdc and /dev/sdd in my case) of the exact same size. The cfdisk details are omitted here.
$ cfdisk /dev/sdc
$ cfdisk /dev/sdd
Then, create a new RAID array using the mdadm utility:
$ mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdc1 /dev/sdd1
The array is named md0, consists of the two devices (--raid-devices=2) /dev/sdc1 and /dev/sdd1, and it's a RAID-1 array, i.e. data is simply mirrored on both disks so if one of them fails you don't lose data (--level=1). After this has been done the array will be synchronized so that both disks contain the same data (this process will take a long time). You can watch the current status via:
$ cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdd1 sdc1
      1465135869 blocks super 1.1 [2/2] [UU]
      [>....................]  resync =  0.0% (70016/1465135869) finish=2440.6min speed=10002K/sec
unused devices:
Some more info is also available from mdadm:
$ mdadm --detail --scan
ARRAY /dev/md0 metadata=1.01 name=foobar:0 UUID=1234578:1234578:1234578:1234578
$ mdadm --detail /dev/md0
/dev/md0:
        Version : 1.01
  Creation Time : Sat Feb 6 23:58:51 2010
     Raid Level : raid1
     Array Size : 1465135869 (1397.26 GiB 1500.30 GB)
  Used Dev Size : 1465135869 (1397.26 GiB 1500.30 GB)
   Raid Devices : 2
  Total Devices : 2
    Persistence : Superblock is persistent
    Update Time : Sun Feb 7 00:03:21 2010
          State : active, resyncing
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0
 Rebuild Status : 0% complete
           Name : foobar:0 (local to host foobar)
           UUID : 1234578:1234578:1234578:1234578
         Events : 1
    Number   Major   Minor   RaidDevice State
       0       8       33        0      active sync   /dev/sdc1
       1       8       49        1      active sync   /dev/sdd1
Next, you'll want to create a big partition on the RAID device (cfdisk details omitted)...
$ cfdisk /dev/md0
...and then encrypt all the (future) data on the device using dm-crypt+LUKS and cryptsetup:
$ cryptsetup --verbose --verify-passphrase luksFormat /dev/md0p1
Enter your desired passphrase here (twice)
$ cryptsetup luksOpen /dev/md0p1 myraid
After opening the encrypted container with cryptsetup luksOpen you can create a filesystem on it (ext3 in my case):
$ mkfs.ext3 -j -m 0 /dev/mapper/myraid
That's about it. In future you can access the RAID data by using the steps below.
Starting the RAID and mounting the drive:
$ mdadm --assemble /dev/md0 /dev/sdc1 /dev/sdd1
$ cryptsetup luksOpen /dev/md0p1 myraid
$ mount -t ext3 /dev/mapper/myraid /mnt
Shutting down the RAID:
$ umount /mnt
$ cryptsetup luksClose myraid
$ mdadm --stop /dev/md0
That's all. Performance is shitty due to all the data being shoved out over one USB cable (and USB itself being too slow for these amounts of data), but I don't care too much about that as this setup is meant for backups, not performance-critical stuff.
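A health check that fits between the mdadm --assemble and cryptsetup luksOpen steps above, as an added example that is not part of the original post: it reads /proc/mdstat-format text and reports whether the mirror is healthy, resyncing or degraded. The function names (md_health, mirror_ok) and the degraded sample are constructed for illustration; the resync sample follows the status output shown earlier.

```shell
#!/bin/sh
# md_health NAME: read /proc/mdstat-format text on stdin and print one of
# healthy | resyncing | degraded | missing for the named array.
md_health() {
    awk -v dev="$1" '
        $2 == ":" { inarr = ($1 == dev); if (inarr) found = 1; next }  # stanza header
        NF == 0   { inarr = 0; next }                                  # blank line ends a stanza
        !inarr    { next }
        # Member map such as [UU]; an underscore marks a missing or failed disk.
        match($0, /\[[U_]+\]/) && index(substr($0, RSTART, RLENGTH), "_") { degraded = 1 }
        /(resync|recovery) *=/ { syncing = 1 }
        END {
            if (!found)        print "missing"
            else if (degraded) print "degraded"   # no redundancy, even while rebuilding
            else if (syncing)  print "resyncing"
            else               print "healthy"
        }'
}

# mirror_ok NAME: succeed only if every member of the mirror is present.
mirror_ok() {
    case "$(md_health "$1")" in
        healthy|resyncing) return 0 ;;
        *) return 1 ;;
    esac
}

# Sample following the status output shown in the post.
sample_resync() { cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdd1 sdc1
      1465135869 blocks super 1.1 [2/2] [UU]
      [>....................]  resync =  0.0% (70016/1465135869) finish=2440.6min speed=10002K/sec

unused devices: <none>
EOF
}

# Constructed sample: the same array after one disk has dropped out.
sample_degraded() { cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdc1[0]
      1465135869 blocks super 1.1 [2/1] [U_]
EOF
}

# Intended use: mirror_ok md0 < /proc/mdstat || echo "md0 is not fully mirrored" >&2
echo "resync sample:   $(sample_resync | md_health md0)"
echo "degraded sample: $(sample_degraded | md_health md0)"
```

A degraded mirror still opens and mounts normally, so without a check like this a failed disk in a backup enclosure can go unnoticed until the second one fails.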
Update 04/2011: Thanks to Bohdan Zograf there's a Belorussian translation of this article now!
Among the contents of the drive are unreleased songs from the past six years and two songs which should be released on a new single in a few weeks. Apparently those two songs on the drive were the only instance they had; off-site backups only contained older "beta" versions of the songs. As the band is touring at the moment (i.e. no time for re-recording the songs), it's unclear whether the single can be released in time.
 Well, I am a paranoid computer geek, and I'm probably not a normal person, but you get the point ;-)
 Oh, and if the thieves are stupid enough they will get caught while uploading the files ;-)
Yet another thing that has been on my TODO list for quite a while: encrypted USB thumb drives and/or encrypted external USB hard drives.
I have finally tried this over the weekend using loop-AES. This is very useful for securing your USB thumb drive contents in case you lose it or it gets stolen. Also, I use an external USB hard drive for backups (previously unencrypted). This is encrypted now, too.
Here's a quick HOWTO:
"AES encrypted loop device support" in "Device Drivers -> Block Devices -> Loopback device support", and recompile the kernel.
"loop encryption key scrubbing support" as it seems to promise higher security (can anybody confirm that?).
apt-get install loop-aes-2.6-686 (or a similar package) should suffice.
apt-get install loop-aes-utils
shred -n 1 -v /dev/sda3.
-n 25 or higher if you want more security and have a few days time to wait for the thing to finish...
losetup -e aes256 -C 3 -S 'seed' /dev/loop0 /dev/sda3.
-C 3 means "run hashed password through 3000 iterations of AES-256 before using it for loop encryption. This consumes lots of CPU cycles at loop setup/mount time but not thereafter." (see losetup(8)). This is supposed to be more secure.
-S 'seed' (replace "seed" with a secret string like "g7sN4" or something) should make brute force attacks a bit harder. Don't forget the seed!
mke2fs -j /dev/loop0
losetup -d /dev/loop0
/dev/sda3 /mnt/crypted_sda3 ext3 noauto,loop=/dev/loop0,encryption=AES256,itercountk=3 0 0
mount -o pseed=seed /mnt/crypted_sda3
/mnt/crypted_sda3 which will be encrypted automatically.
For a more detailed guide read the Encrypted-Root-Filesystem-HOWTO. A performance comparison of different ciphers is available, but in general I didn't notice too much of a slow-down because of the encryption...