Date:      Fri, 23 Oct 2015 20:20:19 +0000
From:      "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To:        Martin Cracauer <cracauer@cons.org>
Cc:        Yonas Yanfa <yonas@fizk.net>, freebsd-current@freebsd.org
Subject:   Re: Depreciate and remove gbde
Message-ID:  <6216.1445631619@critter.freebsd.dk>
In-Reply-To: <20151023192353.GA95611@cons.org>
References:  <56237623.5010702@fizk.net> <20151019234406.GA88752@cons.org> <CALJrc1xg%2BqN54EgUYae1CRF1QY-UsK25=_61z2b-c2tMQyxeJQ@mail.gmail.com> <20151023192353.GA95611@cons.org>

--------
In message <20151023192353.GA95611@cons.org>, Martin Cracauer writes:

>If you want a secure filesystem I think that at this particular time
>it would be entirely reasonable to use both gbde and geli stacked on
>top of each other[...]

Nobody is going to break through the GELI or GBDE crypto, they'll
find their way to the keys instead, or more likely, jail you until
you sing.

But neither GELI nor GBDE alone or together give you a secure filesystem.

The very first requirement for a secure filesystem is that you can
trust the computer it is mounted on.

No commercially available smartphone, tablet, laptop, server or
desktop computer can be trusted by the owner at this point in time.

Want a secure filesystem?

First step is to mount it on Raspberry or BeagleBone without network
connectivity...

But more importantly:  There is no technical fix for lost privacy,
that is a political problem, and it must be solved by political
means.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6216.1445631619>