Date: Thu, 14 Sep 2000 08:34:39 -0600 (MDT) From: "Geoffrey T. Falk" <gtf@cirp.org> To: freebsd-fs@FreeBSD.ORG Subject: Re: AW: crypto fs? Message-ID: <200009141434.IAA03818@h-209-91-79-2.gen.cadvision.com> In-Reply-To: <200009141401.IAA03781@h-209-91-79-2.gen.cadvision.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14 Sep, I wrote: > A proper crypto filesystem would encrypt the blocks in the strategy() > routine. One could run a standard FFS directly on top of it. To clarify, obviously, I was thinking of implementing an encrypted device as a pseudo- block device, that maps to an existing partition. The passphrase could be set using an ioctl(). A main concern with crypto FS is keeping plaintext blocks from being swapped out. If you are following this approach, you would also encrypt your swap devices. The whole issue of crypto services in the kernel is one I would like to see developing. To my knowledge not even OpenBSD has gone this far. g. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009141434.IAA03818>