Date: Tue, 17 Apr 2007 01:04:45 -0500 From: Nikolay Mirin <nik@optim.com.ru> To: Christian Brueffer <brueffer@FreeBSD.org> Cc: mvoorhis@cs.wpi.edu, freebsd-stable@freebsd.org Subject: Re: GELI versus GBDE? Message-ID: <4624637D.40803@optim.com.ru> In-Reply-To: <20070416162105.GA1592@haakonia.hitnet.RWTH-Aachen.DE> References: <200704142307.l3EN72Sn031291@cs.wpi.edu> <46222EF7.1080507@optim.com.ru> <20070416162105.GA1592@haakonia.hitnet.RWTH-Aachen.DE>
next in thread | previous in thread | raw e-mail | index | archive | help
Anyway, the other reasons that GBDE suck are: 1) Lots of annoying ENOMEM messages, since the memory allocation calls gbde makes are somewhat specific as I understand. One can ignore those messages. 2) GELI provides a onetime key feature, which makes it incredibly convenient for swap and /tmp encryption. 3) The secret key in GELI can be split between the keyfile and the passphrase. The only inconvenience I had with GELI is that if one wants to read a passphrase in a script once and then open a bunch of volumes, than one has to use "expect" to feed the passphrase to geli. It requires the terminal input and won't accept the stdin. GBDE does not have such issue. P.S. One can actually have both in kernel. Christian Brueffer said the following on 16.04.2007 11:21: > On Sun, Apr 15, 2007 at 08:56:07AM -0500, Nikolay Mirin wrote: > >> Definitely GELI. >> >> GBDE will become obsolete very soon as some other things like vinum and >> such. It was there just as a test of concept as I understand. >> Many those different disk subsystems are incompatible in fact, the case >> of GBDE and Vinum is mentioned as an example in the handbook. >> Read more about GEOM, as this system will unite all possible disk >> techniqies. >> >> Also, GELI takes advantage of crypto-hardware, but I believe that one >> gets a benefit out of it only if the main CPU is very slow. >> >> > > There are currently no plans to remove GBDE. The problems with Vinum > you mention stemmed from the fact, that the original Vinum was not GEOM > aware, thus, GELI couldn't have been used with it as well. gvinum has > been in existance for some time now and it's fully compatible to both > GBDE and GELI. > > - Christian > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4624637D.40803>