From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 06:03:52 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 506D016A420 for ; Wed, 8 Feb 2006 06:03:52 +0000 (GMT) (envelope-from chris@haakonia.hitnet.rwth-aachen.de) Received: from ms-dienst.rz.rwth-aachen.de (ms-2.rz.RWTH-Aachen.DE [134.130.3.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 363AD43D49 for ; Wed, 8 Feb 2006 06:03:50 +0000 (GMT) (envelope-from chris@haakonia.hitnet.rwth-aachen.de) Received: from circe (circe.rz.RWTH-Aachen.DE [134.130.3.36]) by ms-dienst.rz.rwth-aachen.de (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IUC00KKNU6D4N@ms-dienst.rz.rwth-aachen.de> for freebsd-geom@freebsd.org; Wed, 08 Feb 2006 07:03:49 +0100 (MET) Received: from talos.rz.RWTH-Aachen.DE ([134.130.3.22]) by circe (MailMonitor for SMTP v1.2.2 ) ; Wed, 08 Feb 2006 07:03:48 +0100 (MET) Received: from bigboss.hitnet.rwth-aachen.de (bigspace.hitnet.RWTH-Aachen.DE [137.226.181.2]) by smarthost.rwth-aachen.de (8.13.1/8.13.1/1) with ESMTP id k1863lq3023783; Wed, 08 Feb 2006 07:03:47 +0100 Received: from haakonia.hitnet.rwth-aachen.de ([137.226.181.92]) by bigboss.hitnet.rwth-aachen.de with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1F6iQe-0003mf-GR; Wed, 08 Feb 2006 07:03:48 +0100 Received: by haakonia.hitnet.rwth-aachen.de (Postfix, from userid 1001) id 59A083F429; Wed, 08 Feb 2006 07:03:48 +0100 (CET) Date: Wed, 08 Feb 2006 07:03:48 +0100 From: Christian Brueffer In-reply-to: To: Christian Baer Message-id: <20060208060348.GB1729@haakonia.hitnet.RWTH-Aachen.DE> MIME-version: 1.0 Content-type: multipart/signed; boundary=jho1yZJdad60DJr+; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-disposition: inline User-Agent: Mutt/1.5.11 X-Operating-System: FreeBSD 6.0-STABLE X-PGP-Key: http://people.FreeBSD.org/~brueffer/brueffer.key.asc X-PGP-Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D References: Cc: freebsd-geom@freebsd.org Subject: Re: GELI -> What to encrypt? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 06:03:52 -0000 --jho1yZJdad60DJr+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 08, 2006 at 01:20:00AM +0100, Christian Baer wrote: > Hi folks! >=20 > This question may seem a little strange, but don't hit me yet. :-) >=20 > I was just sitting here wanting to set up a new GELI-device when it > struck me: What should I encrypt exactly. If I were to use GBDE, the > usual concept is to encrpyt (only?) the actual partition ad2s1d. GELI > suggests to encrypt all of ad2. I guess I could partition the > pseudo-device then. Would I get something like ad2.gelis1d? >=20 > Does this have any advantages oder just encrypting the partition and if > so how important are these? >=20 You'll probably find the following talk interesting, which was given at EuroBSDCon and CCC last year: https://events.ccc.de/congress/2005/fahrplan/events/1139.en.html There's a link to the paper on that site as well. - Christian --=20 Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D --jho1yZJdad60DJr+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD6YnEbHYXjKDtmC0RAiQDAJ4050Irk54foOOAB6e9FvkQrzV3OACgovJJ ielpfuHcmnZkCkUhwNyIH44= =hTI3 -----END PGP SIGNATURE----- --jho1yZJdad60DJr+--