Date: Sat, 24 Oct 2015 17:58:54 +0200
From: "Julian H. Stacey" <jhs@berklix.com>
To: freebsd-current@freebsd.org
Cc: Martin Cracauer <cracauer@cons.org>, Yonas Yanfa <yonas@fizk.net>, "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Subject: Re: Depreciate and remove gbde
Message-ID: <201510241559.t9OFwsiF078038@fire.js.berklix.net>
In-Reply-To: Your message "Fri, 23 Oct 2015 20:20:19 -0000." <6216.1445631619@critter.freebsd.dk>

> >If you want a secure filesystem I think that at this particular time
> >it would be entirely reasonable to use both gbde and geli stacked on
> >top of each other[...]

I've often wondered if multiple encryption (CPU permitting) is
sensible in case one day some method is cracked but another stays secure.

There have been recent discussions on cracking algorithms at
http://lists.gnupg.org/pipermail/gnupg-users/2015-October/054586.html

I see man geli has:
    Supports many cryptographic algorithms (currently AES-XTS,
    AES-CBC, Blowfish-CBC, Camellia-CBC and 3DES-CBC).

NAME section of man 1 gbde & geli both ref. GEOM.
Skimming man 1 4 8 gbde geom I'm not sure how gbde compares.

> Nobody is going to break through the GELI or GBDE crypto, they'll
> find their way to the keys instead, or more likely, jail you until
> you sing.

Yes, if 'they' are physically present government, criminals etc.

Encryption (& perhaps multiple encryption) is nice against eg
  - sneak thieves/ industrial spies/ remote hostile governments,
  - where one must sometimes share root with others.
  - scanners remote or local
    (Scanners could be hidden in BLOBs. Anyone else worry how many
    binary BLOBs are in FreeBSD, especially ports/ ? I started a
    list a couple of years back, got scared how many, then stopped
    after I realised a list was not maintainable & better to add a
    BLOB_HAZARD= label to ports Makefiles, but no one seemed
    interested ).
  - Casual physical loss:
    - My brother's USB stick fell off its plastic retainer to key
      ring, picture: http://www.conrad.de/ce/de/product/417197/
    - Small shiny USB sticks on desk could be attractive like
      jewellery to birds such as magpies (`Elster' fly here, I
      stopped one thieving a shiny foil wrapped bar, a lot heavier
      & bigger than a USB stick).

My data is long encrypted, I'll buy phk@ a beer if we meet somewhere :-)

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys. Eng. Consultant Munich http://berklix.com
 Reply After previous text to preserve context, as in a play script.
 Indent previous text with >  Insert new lines before 80 chars.
 Use plain text, Not quoted-printable, Not HTML, Not base64, Not MS.doc.