Date: Fri, 17 Sep 2004 15:18:59 -0400 (EDT)
From: "Charles Ulrich" <charles@idealso.com>
To: Jim.Kinsey@nokia.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Hard drive encryption
Message-ID: <46000.24.11.146.21.1095448739.squirrel@freedombi.com>
In-Reply-To: <59A36C4D2F9E7243BEB522274F72C30390B90A@mvebe001.americas.nokia.com>
References: <59A36C4D2F9E7243BEB522274F72C30390B90A@mvebe001.americas.nokia.com>

Jim.Kinsey@nokia.com said:
>
> Hello,
>
> I am writing to inquire about a hard drive encryption software that is
> compatible with FreeBSD. We have been using PointSEC with Windows and am
> looking for a similar solution for FreeBSD. I see you have GEOM Based Disk
> Encryption (gbde), which I have read about on your web site, but the folks
> here are resistant to using it and are asking for a 3rd party solution that is
> separate from the OS.

I don't know what third-party disk encryption services there are available for
FreeBSD nor do I know what the status of gbde is currently, but there is no
inherent reason that a third-party encryption service would be any more stable
or robust than one that's built into the OS. In fact, I'd argue just the
opposite, as the people who wrote gbde also work on related parts of the
FreeBSD kernel and nearly all of the core FreeBSD developers are well-known for
their ability to design and write quality, stable code. They would also be the
first ones to notice a change to the kernel that would adversely affect gbde
and probably also the first ones to fix such a problem.

> Do you have anything in mind? I understand that gbde
> requests a password before the partition can be mounted anyway so this
> simulates the same functionality of PointSEC, but since it is part of the OS,
> it seems that if someone has access to the OS, they could still get in. Is
> that right?

No, otherwise there would be no point in encrypting the data on the disk.
Encryption means that even if someone were to get their hands on the physical
disk (which is always considered the worst-case scenario, from a security
standpoint) and read all of the data off it, they could never use it to gain
any information since the data would appear scrambled unless they decrypted it
with the appropriate key (the password, in this case). In other words, it's not
the operating system that allows/disallows access to an encrypted disk, it's
the mathematical encryption algorithms.

Similarly, disk encryption has nothing to do with allowing/disallowing access
to the system, only its data.

-- 
Charles Ulrich
System Administrator
Ideal Solution - http://www.idealso.com