From: John Stockdale <jstockdale@stanford.edu>
To: freebsd-current@freebsd.org
Date: Sun, 27 Jul 2003 17:56:23 +1200
Subject: Feasibility/Practicality of using GBDE to facilitate encrypted swap, md, /tmp, filesystems
Message-Id: <0D8BEE11-BFF7-11D7-B8B6-000393A6EB58@stanford.edu>
List-Id: Discussions about the use of FreeBSD-current

Hopefully PHK has a chance to look this one over, but if anyone else has any thoughts I'll take any opinions I can get. ;)

I was looking over the 5.2 TODO and got curious as to the changes intended for GBDE to allow integration into the fstab / boot-time mount procedure. Unfortunately I have a rather poor background in how the various FreeBSD subsystems interact, but I was wondering whether such boot-time mount ability could be used so that GBDE-encrypted devices could back the swap, /tmp, and other portions of the file system.

It seems that one could initialize a GBDE device at boot with a random lock-file key (or no lock file?) so that as soon as the GBDE device is detached or the machine is rebooted, all information on that partition is no longer recoverable. Not only would this give us the encrypted swap that OpenBSD minions always laud over me ;) but it also seems that encrypting /tmp specifically would reduce the chance that copies of plaintext files get left around.

On a slightly related note, I currently have a script that allows the creation of a post-boot encrypted md device, and am just using the -p option on initialization to feed GBDE a passphrase piped from /dev/random into md5. Is there any way to do such an initialization more securely (such as not having to rely on the security of the shell or md5 along the way)?

Thanks
-John