Tomb and Thin Provisioning

Tomb is a real nice encryption tool.

Unfortunately, I had to store some data which might or might not grow “a lot”, and where it’s stored there isn’t much space to begin with. Tomb doesn’t let you create volumes with a non-randomized (although less secure) data source.

I made a very small patch to the latest version (2.1.1) to instead create/resize sparse files as disk images. This is clearly dangerous for data that must be absolutely protected, as you give away some information on the content of the image that might help an attacker.

If your use case doesn’t require such a high level of security, you can use it and delay the space allocation. For instance, a clean disk allocated for 32GB of space occupies much less (when empty).

tomb dig -s 32768 secret.tomb
tomb lock secret.tomb -k secret.tomb.key

du -h secret.tomb
133M secret.tomb

The current 133M of blocks are mostly used by the filesystem itself, but you can get that down even more by first allocating a small disk, changing the reserved block count for the filesystem, and then resizing it to a bigger disk.

tomb dig -s 10 secret.tomb
tomb lock secret.tomb -k secret.tomb.key
tomb resize -s 10 secret.tomb -k secret.tomb.key

du -h secret.tomb
5.1M secret.tomb

The change is very simple but I don’t want to share it as a patch or send it upstream due to the weakened security. Hence I will just point out that instead of using count in the dd commands for dig and resize you should use seek.
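
As an added illustration (not code from this post and not a patch to Tomb), the shell sketch below contrasts dd with count and dd with seek on a throwaway image, and shows how the allocated size of a sparse image tracks what has been written into it, which is the information given away. The file names, the 16 MiB size and the helper function names are constructed for the example.

```shell
#!/bin/sh
# Added illustration, not Tomb's code. File names and sizes are constructed.
MIB=1048576

# KiB actually backed by storage (what plain du reports).
allocated_kib() { du -k "$1" | cut -f1; }

# Apparent length in bytes, holes included.
apparent_bytes() { wc -c < "$1" | tr -d ' '; }

# count=N: write N MiB of random data, so every block is allocated.
make_full() {
    dd if=/dev/urandom of="$1" bs=$MIB count="$2" conv=fsync 2>/dev/null
}

# count=0 seek=N: write nothing and set the length to N MiB (one big hole).
make_sparse() {
    dd if=/dev/zero of="$1" bs=$MIB count=0 seek="$2" 2>/dev/null
}

# Stand-in for 1 MiB of encrypted data landing at offset $2 MiB in the image.
write_mib_at() {
    dd if=/dev/urandom of="$1" bs=$MIB count=1 seek="$2" conv=notrunc,fsync 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_full "$dir/full.img" 16
    make_sparse "$dir/sparse.img" 16
    echo "full:   $(apparent_bytes "$dir/full.img") bytes, $(allocated_kib "$dir/full.img") KiB on disk"
    echo "sparse: $(apparent_bytes "$dir/sparse.img") bytes, $(allocated_kib "$dir/sparse.img") KiB on disk"
    write_mib_at "$dir/sparse.img" 4
    # Allocation now follows the amount written: anyone who can stat the
    # file learns roughly how much data the volume holds.
    echo "sparse after 1 MiB write: $(allocated_kib "$dir/sparse.img") KiB on disk"
    rm -rf "$dir"
}
demo
```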

