Date: Thu, 19 Feb 2015 14:09:16 -0800
From: John-Mark Gurney <jmg@funkthat.com>
To: Alfred Hegemeier <molybdanstahl-hh@yahoo.co.uk>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: freebsd-security Digest, Vol 522, Issue 1
Message-ID: <20150219220916.GF46794@funkthat.com>
In-Reply-To: <2128122602.2736874.1424350240576.JavaMail.yahoo@mail.yahoo.com>
References: <mailman.91.1424347202.85396.freebsd-security@freebsd.org> <2128122602.2736874.1424350240576.JavaMail.yahoo@mail.yahoo.com>

Alfred Hegemeier wrote this message on Thu, Feb 19, 2015 at 12:50 +0000:
> just encrypt the whole hard drive with Geli.
> That's the only protection I see: everything passing through the controllers is encrypted - unless keyloggers are installed, which you best protect against completely firewalling the "core" system, and having jails to access the outer world.
> PCbsd already dumped complete auto hard drive encryption in their latest products - the automatic full HD encr was dumped when the Snowden stuff was revealed, I think with 10 release. So, I guess, they know why they removed it - makes it too secure.
>
> Which brings up an important question: how 'safe' is the encryption Geli, i.e. how can we know that developers are not on any agencies pay list? Does that make sense what I am writing in your opinion?

Having worked on the AES-XTS code, and looked at the geli code to make
it go faster, it's good code.. I don't see any major issues w/ it
besides what is well known w/ using the various modes...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."