From: Sam Baskinger
Organization: Lumeta Corporation
Date: Tue, 17 Apr 2007 08:54:10 -0400
To: Nikolay Mirin
Cc: mvoorhis@cs.wpi.edu, freebsd-stable@freebsd.org, Christian Brueffer
Subject: Re: GELI versus GBDE?

I've been working on a ruby script to manage some geli file systems and
have had some good experience using "-k -" to make it read from standard
in. It's mixed with popen calls instead of a more bash-y version, but it
works. :) I have not tried running it w/o a terminal allocated, but I
suspect that won't make much of a difference.

(If the script wasn't in such sorry shape at the moment I would copy it
along, but I don't think anyone wants to see it now. ;) )

Sam

Lumeta - Securing the Network in the Face of Change
www.lumeta.com

Nikolay Mirin wrote:
> Anyway, the other reasons that GBDE sucks are:
>
> 1) Lots of annoying ENOMEM messages, since the memory allocation calls
>    gbde makes are somewhat specific as I understand.
>    One can ignore those messages.
> 2) GELI provides a onetime key feature, which makes it incredibly
>    convenient for swap and /tmp encryption.
> 3) The secret key in GELI can be split between the keyfile and the
>    passphrase.
>
> The only inconvenience I had with GELI is that if one wants to read a
> passphrase in a script once and then open a bunch of volumes, then one
> has to use "expect" to feed the passphrase to geli. It requires the
> terminal input and won't accept the stdin. GBDE does not have such an
> issue.
>
> P.S. One can actually have both in kernel.
>
> Christian Brueffer said the following on 16.04.2007 11:21:
>> On Sun, Apr 15, 2007 at 08:56:07AM -0500, Nikolay Mirin wrote:
>>
>>> Definitely GELI.
>>>
>>> GBDE will become obsolete very soon as some other things like vinum
>>> and such. It was there just as a test of concept as I understand.
>>> Many of those different disk subsystems are incompatible in fact, the
>>> case of GBDE and Vinum is mentioned as an example in the handbook.
>>> Read more about GEOM, as this system will unite all possible disk
>>> techniques.
>>>
>>> Also, GELI takes advantage of crypto-hardware, but I believe that one
>>> gets a benefit out of it only if the main CPU is very slow.
>>>
>>
>> There are currently no plans to remove GBDE. The problems with Vinum
>> you mention stemmed from the fact that the original Vinum was not GEOM
>> aware, thus, GELI couldn't have been used with it as well. gvinum has
>> been in existence for some time now and it's fully compatible to both
>> GBDE and GELI.
>>
>> - Christian
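
The approach discussed in this thread (prompt once, then feed the secret to "geli attach -k -" on standard input for each volume), as an added shell example; it is not Sam's Ruby script or any code from the thread. It assumes each provider was initialised with a keyfile-only User Key built from the same secret (geli init -P -K -); read_secret, attach_all and the GELI override variable are names made up for this example.

```shell
#!/bin/sh
# Added example: prompt once, then attach several GELI providers by feeding
# the secret to "geli attach -k -" on standard input.
# Assumption: every provider was initialised with "geli init -P -K -" using
# this same secret as the keyfile component (no passphrase component).

GELI=${GELI:-geli}   # hypothetical override, lets the logic run without geli

# read_secret: prompt on the terminal with echo off; result lands in $SECRET.
read_secret() {
    printf 'GELI secret: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r SECRET
    stty echo 2>/dev/null
    printf '\n' >&2
}

# attach_all SECRET PROV...: try every provider, return the failure count.
attach_all() {
    secret=$1; shift
    failed=0
    for prov in "$@"; do
        # printf is a shell builtin here, so the secret never shows up in
        # another process's argv. -p: no passphrase component;
        # -k -: read the keyfile component from standard input.
        if printf '%s' "$secret" | "$GELI" attach -p -k - "$prov"; then
            echo "attached: $prov" >&2
        else
            echo "FAILED:   $prov" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when providers are named on the command line.
if [ "$#" -gt 0 ]; then
    read_secret
    attach_all "$SECRET" "$@"
    status=$?
    unset SECRET
    exit "$status"
fi
```

With -p the bytes on standard input are keyfile material rather than a passphrase, so they do not go through geli's passphrase strengthening; the secret should be long and random.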