Date: Mon, 24 Jul 2000 15:59:59 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Adrian Chadd <adrian@FreeBSD.ORG> Cc: Terje Elde <terje@elde.net>, Robert Watson <rwatson@FreeBSD.ORG>, Sheldon Hearn <sheldonh@uunet.co.za>, =?iso-8859-1?Q?Joachim_Str=F6mbergson?= <watchman@ludd.luth.se>, Greg Lewis <glewis@trc.adelaide.edu.au>, freebsd-security@FreeBSD.ORG Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap? Message-ID: <Pine.BSF.4.21.0007241556510.5736-100000@achilles.silby.com> In-Reply-To: <20000724210042.O62551@ywing.creative.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Jul 2000, Adrian Chadd wrote: > Whats wrong with a bdev io layer like vinum/ccd which does crypto? > Then you could swap and filesystem to your block devices to your hearts > content with whatever filesystem you wanted? Encrypting at that low of a level wouldn't be very useful in the long run. For an encrypted filesystem to be truly useful, each user's files are encrypted with their own key. A partition-wide encryption doesn't protect anything if you get root hacked on your box. And a crypto swap should use as many keys as possible (see the openbsd implementation paper.) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007241556510.5736-100000>