From owner-freebsd-security@FreeBSD.ORG  Sun Jan 29 18:35:15 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E9F4416A420
	for <freebsd-security@freebsd.org>;
	Sun, 29 Jan 2006 18:35:15 +0000 (GMT)
	(envelope-from freebsd-security@m.gmane.org)
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7237743D46
	for <freebsd-security@freebsd.org>;
	Sun, 29 Jan 2006 18:35:14 +0000 (GMT)
	(envelope-from freebsd-security@m.gmane.org)
Received: from list by ciao.gmane.org with local (Exim 4.43)
	id 1F3HO9-0005nM-WE
	for freebsd-security@freebsd.org; Sun, 29 Jan 2006 19:35:02 +0100
Received: from p508c1476.dip0.t-ipconnect.de ([80.140.20.118])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-security@freebsd.org>; Sun, 29 Jan 2006 19:35:01 +0100
Received: from christian.baer by p508c1476.dip0.t-ipconnect.de with local
	(Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <freebsd-security@freebsd.org>; Sun, 29 Jan 2006 19:35:01 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-security@freebsd.org
From: Christian Baer <christian.baer@informatik.uni-dortmund.de>
Date: Sun, 29 Jan 2006 18:59:39 +0100 (CET)
Organization: Convenimus Projekt
Lines: 29
Message-ID: <drivqb$1ouq$2@nermal.rz1.convenimus.net>
References: <drgdg9$1klu$9@nermal.rz1.convenimus.net>
	<20060129022943.GJ2341@turion.vk2pj.dyndns.org>
	<dri7ra$1ouq$1@nermal.rz1.convenimus.net>
	<20060129164255.32d7722a@Magellan.Leidinger.net>
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: p508c1476.dip0.t-ipconnect.de
User-Agent: slrn/0.9.8.1 (FreeBSD)
Sender: news <news@sea.gmane.org>
Subject: Re: Should I use gbde or geli?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jan 2006 18:35:16 -0000

On Sun, 29 Jan 2006 16:42:55 +0100 Alexander Leidinger wrote:

>> One of the aces we may have is the fact that noone (including the
>> employees) will know that the information is encrypted. This way a theft
> Too late now. You already revealed this information into the public.
> Google will be able to tell the well prepared burglar about this.

Well, not really. Noone knows what company we are talking about and
since my name is never mentioned in conjunction with this company, a
possible thief may know that *I* am doing something but not for who. I'm
not *that* thick. :-)

> AFAIR Blowfish was one the main algorithms which had a lot of potential
> to get the AES sign, but in the end Rijndael won. I think it won
> because of some resource aspects, not because of security aspects. But
> I may be wrong with this.

Actually, it wasn't Blowfish but Twofish, which is supposed to be the
successer. Too bad Serpant doesn't work with GELI (yet). :-)

>> Or am I missing the point here?
> Think about one-time passwords.

That could limit the resources a little to much as those people with
access require it at a regular basis.

Regards
Chris