Date: Tue, 17 Apr 2007 08:54:10 -0400
From: Sam Baskinger <sbaskinger@lumeta.com>
To: Nikolay Mirin <nik@optim.com.ru>
Cc: mvoorhis@cs.wpi.edu, freebsd-stable@freebsd.org, Christian Brueffer <brueffer@FreeBSD.org>
Subject: Re: GELI versus GBDE?
Message-ID: <4624C372.2010003@lumeta.com>
In-Reply-To: <4624637D.40803@optim.com.ru>
References: <200704142307.l3EN72Sn031291@cs.wpi.edu> <46222EF7.1080507@optim.com.ru> <20070416162105.GA1592@haakonia.hitnet.RWTH-Aachen.DE> <4624637D.40803@optim.com.ru>

I've been working on a ruby script to manage some geli file systems and
have had some good experience using "-k -" to make it read from standard
in. It's mixed with popen calls instead of a more bash-y version, but it
works. :) I have not tried running it w/o a terminal allocated, but I
suspect that won't make much of a difference.

(If the script wasn't in such sorry shape at the moment I would copy it
along, but I don't think anyone wants to see it now. ;) )

Sam

Lumeta - Securing the Network in the Face of Change
www.lumeta.com

Nikolay Mirin wrote:
> Anyway, the other reasons that GBDE suck are:
>
> 1) Lots of annoying ENOMEM messages, since the memory allocation calls
> gbde makes are somewhat specific as I understand.
> One can ignore those messages.
> 2) GELI provides a onetime key feature, which makes it incredibly
> convenient for swap and /tmp encryption.
> 3) The secret key in GELI can be split between the keyfile and the
> passphrase.
>
> The only inconvenience I had with GELI is that if one wants to read a
> passphrase in a script once and
> then open a bunch of volumes, then one has to use "expect" to feed the
> passphrase to geli. It requires the terminal input and
> won't accept the stdin. GBDE does not have such issue.
>
> P.S. One can actually have both in kernel.
>
> Christian Brueffer said the following on 16.04.2007 11:21:
>> On Sun, Apr 15, 2007 at 08:56:07AM -0500, Nikolay Mirin wrote:
>>
>>> Definitely GELI.
>>>
>>> GBDE will become obsolete very soon as some other things like vinum
>>> and such. It was there just as a test of concept as I understand.
>>> Many those different disk subsystems are incompatible in fact, the
>>> case of GBDE and Vinum is mentioned as an example in the handbook.
>>> Read more about GEOM, as this system will unite all possible disk
>>> techniques.
>>>
>>> Also, GELI takes advantage of crypto-hardware, but I believe that one
>>> gets a benefit out of it only if the main CPU is very slow.
>>>
>>
>> There are currently no plans to remove GBDE. The problems with Vinum
>> you mention stemmed from the fact, that the original Vinum was not GEOM
>> aware, thus, GELI couldn't have been used with it as well. gvinum has
>> been in existence for some time now and it's fully compatible to both
>> GBDE and GELI.
>>
>> - Christian
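
Added example, not part of the thread and not Sam's script: one way to do what the thread describes from Ruby, reading the key material once and feeding it to `geli attach -k -` on stdin for several providers. It assumes providers initialised keyfile-only (`geli init -P -K -`), so that `-p` suppresses the terminal passphrase prompt; the helper names `geli_attach_argv` and `attach_all` and the provider names are hypothetical.

```ruby
require "open3"
require "io/console"

# Default runner: exec geli directly (argv array, no shell) and write the
# key material to its stdin, so the secret never shows up in `ps` output.
GELI_RUNNER = lambda do |argv, secret|
  out, status = Open3.capture2e(*argv, stdin_data: secret, binmode: true)
  [status.success?, out.strip]
end

# argv for one provider. Assumption: the provider was initialised
# keyfile-only (`geli init -P -K - <prov>`), so `-p` (no passphrase
# component) plus `-k -` (keyfile read from stdin) is the whole User Key.
def geli_attach_argv(provider)
  # Require a /dev/ path so a name like "-d" cannot be parsed as an option.
  unless provider.match?(%r{\A/dev/[A-Za-z0-9_./-]+\z}) && !provider.include?("..")
    raise ArgumentError, "refusing provider name #{provider.inspect}"
  end
  ["geli", "attach", "-p", "-k", "-", provider]
end

# Attach every provider with the same secret; returns {provider => [ok, msg]}.
def attach_all(providers, secret, runner: GELI_RUNNER)
  raise ArgumentError, "empty key material" if secret.nil? || secret.empty?
  providers.each_with_object({}) do |prov, results|
    results[prov] = runner.call(geli_attach_argv(prov), secret)
  end
end

# CLI use: ruby geli_attach_all.rb /dev/da1 /dev/da2   (hypothetical names)
if $PROGRAM_NAME == __FILE__ && !ARGV.empty?
  # Prompt once without echo; getpass strips the newline, so the bytes must
  # match what was piped to `geli init` (no trailing newline there either).
  secret = IO.console.getpass("Key material: ")
  results = attach_all(ARGV, secret)
  results.each { |prov, (ok, msg)| puts "#{prov}: #{ok ? 'attached' : 'FAILED ' + msg}" }
  exit(results.values.all?(&:first) ? 0 : 1)
end
```

Material given through `-k` is treated as a keyfile, so it does not get the PKCS#5v2 strengthening geli applies to passphrases; use high-entropy key material rather than a short typed phrase.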