From owner-freebsd-hackers@FreeBSD.ORG  Sat Oct 11 07:44:23 2014
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8698B6E6
 for <hackers@freebsd.org>; Sat, 11 Oct 2014 07:44:23 +0000 (UTC)
Received: from mail.michaelwlucas.com (mail.michaelwlucas.com [108.61.84.26])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4686435B
 for <hackers@freebsd.org>; Sat, 11 Oct 2014 07:44:23 +0000 (UTC)
Received: from mail.michaelwlucas.com (localhost [127.0.0.1])
 by mail.michaelwlucas.com (8.14.7/8.14.7) with ESMTP id s9B7iDw2009454;
 Sat, 11 Oct 2014 03:44:13 -0400 (EDT)
 (envelope-from mwlucas@mail.michaelwlucas.com)
Received: (from mwlucas@localhost)
 by mail.michaelwlucas.com (8.14.7/8.14.7/Submit) id s9B7iD5t009453;
 Sat, 11 Oct 2014 03:44:13 -0400 (EDT) (envelope-from mwlucas)
Date: Sat, 11 Oct 2014 03:44:12 -0400
From: "Michael W. Lucas" <mwlucas@michaelwlucas.com>
To: Erich Dollansky <erichsfreebsdlist@alogt.com>
Subject: Re: GBDE not protecting the user
Message-ID: <20141011074412.GA9432@mail.michaelwlucas.com>
References: <20141010215842.GA6717@mail.michaelwlucas.com>
 <20141011113008.705ba16d@X220.alogt.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20141011113008.705ba16d@X220.alogt.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,URIBL_BLOCKED
 autolearn=ham autolearn_force=no version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 mail.michaelwlucas.com
Cc: hackers@freebsd.org
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Oct 2014 07:44:23 -0000

On Sat, Oct 11, 2014 at 11:30:08AM +0800, Erich Dollansky wrote:
> Hi,
> 
> On Fri, 10 Oct 2014 17:58:42 -0400
> "Michael W. Lucas" <mwlucas@michaelwlucas.com> wrote:
> 
> > [Tried questions@, no answer, and the code contains things I just
> > cannot trigger.]
> > 
> just try geli. It works for me. What I like most is that you can have
> key and password on external media. No external media - no decyphering.

GELI does not verify key destruction when the correct passphrase is
used. There are use cases where this is very important--e.g., finance.

I'd really like to include GBDE in my FreeBSD storage book, but it
seems that it doesn't actually work.

==ml

-- 
Michael W. Lucas  -  mwlucas@michaelwlucas.com, Twitter @mwlauthor 
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/