From: Maxim Sobolev
Sender: sobomax@sippysoft.com
To: "Julian H. Stacey"
Cc: freebsd-current@freebsd.org, Martin Cracauer, Yonas Yanfa, Poul-Henning Kamp
Date: Sat, 24 Oct 2015 11:57:17 -0700
Subject: Re: Depreciate and remove gbde
In-Reply-To: <201510241559.t9OFwsiF078038@fire.js.berklix.net>
References: <6216.1445631619@critter.freebsd.dk> <201510241559.t9OFwsiF078038@fire.js.berklix.net>
List-Id: Discussions about the use of FreeBSD-current

For what it's worth we are using modded GBDE in one of the products to
provide copy protection for the firmware and encryption of user's data.
GELI is nice, but it's way much more end-user oriented. Also GBDE code is
very stable, which may look bad from somebody using it to protect his pr0n
collection, but from the PoV of us as ISV we have very little trouble
porting our changes from FreeBSD 6 that we've started with originally to
7, 8, 9 and the FreeBSD 11 today.

I would be really sorry to see it nuked from the FreeBSD without any good
technical reason.

Just my CAD0.02c.

On Sat, Oct 24, 2015 at 8:58 AM, Julian H. Stacey wrote:

> > >If you want a secure filesystem I think that at this particular time
> > >it would be entirely reasonable to use both gbde and geli stacked on
> > >top of each other[...]
>
> I've often wondered if multiple encryption (CPU permitting) is sensible in
> case one day some method is cracked but another stays secure.
> There's been recent discussions on cracking algorithms at
> http://lists.gnupg.org/pipermail/gnupg-users/2015-October/054586.html
>
> I see man geli has:
>     Supports many cryptographic algorithms (currently AES-XTS,
>     AES-CBC, Blowfish-CBC, Camellia-CBC and 3DES-CBC).
> NAME section of man 1 gbde & geli both ref. GEOM.
> Skimming man 1 4 8 gbde geom I'm not sure how gbde compares.
>
> > Nobody is going to break through the GELI or GBDE crypto, they'll
> > find their way to the keys instead, or more likely, jail you until
> > you sing.
>
> Yes, if 'they' are physically present government, criminals etc.
>
> Encryption (& perhaps multiple encryption) is nice against eg
> - sneak thieves/ industrial spies/ remote hostile governments,
> - where one must sometimes share root with others.
> - scanners remote or local
>   (Scanners could be hidden in BLOBs. Anyone else worry how many
>   binary BLOBs are in FreeBSD, especially ports/ ? I started a
>   list a couple of years back, got scared how many, then stopped
>   after I realised a list was not maintainable & better to add a
>   BLOB_HAZARD= label to ports Makefiles, but no one seemed interested ).
> - Casual physical loss:
>   - My brother's USB stick fell off its plastic retainer to key ring,
>     picture: http://www.conrad.de/ce/de/product/417197/
>   - Small shiny USB sticks on desk could be attractive like jewellery
>     to birds such as magpies (`Elster' fly here, I stopped one thieving
>     a shiny foil wrapped bar, a lot heavier & bigger than a USB stick).
>
> My data is long encrypted, I'll buy phk@ a beer if we meet somewhere :-)
>
> Cheers,
> Julian
> --
> Julian Stacey, BSD Linux Unix Sys. Eng. Consultant Munich
> http://berklix.com
> Reply After previous text to preserve context, as in a play script.
> Indent previous text with
> Insert new lines before 80 chars.
> Use plain text, Not quoted-printable, Not HTML, Not base64, Not MS.doc.