From owner-freebsd-hackers@FreeBSD.ORG Mon Jan 26 19:37:01 2015 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4C0FA7AB for ; Mon, 26 Jan 2015 19:37:01 +0000 (UTC) Received: from mail.michaelwlucas.com (mail.michaelwlucas.com [108.61.84.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 08AF9145 for ; Mon, 26 Jan 2015 19:37:00 +0000 (UTC) Received: from mail.michaelwlucas.com (localhost [127.0.0.1]) by mail.michaelwlucas.com (8.14.7/8.14.7) with ESMTP id t0QJapqe060382; Mon, 26 Jan 2015 14:36:51 -0500 (EST) (envelope-from mwlucas@mail.michaelwlucas.com) Received: (from mwlucas@localhost) by mail.michaelwlucas.com (8.14.7/8.14.7/Submit) id t0QJaohD060381; Mon, 26 Jan 2015 14:36:50 -0500 (EST) (envelope-from mwlucas) Date: Mon, 26 Jan 2015 14:36:50 -0500 From: "Michael W. Lucas" To: John-Mark Gurney Subject: Re: GBDE not protecting the user Message-ID: <20150126193650.GA60343@mail.michaelwlucas.com> References: <20141010215842.GA6717@mail.michaelwlucas.com> <20141011113008.705ba16d@X220.alogt.com> <20141011074412.GA9432@mail.michaelwlucas.com> <20150126182643.GE27103@funkthat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150126182643.GE27103@funkthat.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=0.0 required=5.0 tests=UNPARSEABLE_RELAY, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.michaelwlucas.com X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mail.michaelwlucas.com [127.0.0.1]); Mon, 26 Jan 2015 14:36:52 -0500 (EST) Cc: hackers@freebsd.org X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jan 2015 19:37:01 -0000 On Mon, Jan 26, 2015 at 10:26:43AM -0800, John-Mark Gurney wrote: > Michael W. Lucas wrote this message on Sat, Oct 11, 2014 at 03:44 -0400: > > I'd really like to include GBDE in my FreeBSD storage book, but it > > seems that it doesn't actually work. > > You should include that gbde does not use any AES-NI acceleration, so > if you need performance and you have crypto acceleration in your machine, > then the only option in geli... Every time I publish a book, an interesting fact comes up right after the book is out in the world. An interesting fact that would have been perfect for the book, were it not for the book being published and out. And FM:SE's winner is... JMG! Seriously, the material on GBDE is all about protecting the user, and mostly smaller partitions. Nothing in there about FDE, high performance, or anything like that. GBDE is a really cool tool for a really unpleasant use case that nobody else covers so well. But now I'm wondering if you can hide GBDE partitions inside GELI providers. Hmmm... ==ml -- Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/