Date: Wed, 30 Jun 2010 17:44:46 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Tim Gustafson <tjg@soe.ucsc.edu> Cc: freebsd-questions@freebsd.org Subject: Re: fusefs-cryptofs vs fusefs-cryptofs Message-ID: <4C2B747E.3060500@infracaninophile.co.uk> In-Reply-To: <277645537.336611277914282937.JavaMail.root@mail-01.cse.ucsc.edu> References: <277645537.336611277914282937.JavaMail.root@mail-01.cse.ucsc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 30/06/2010 17:11:22, Tim Gustafson wrote: > I was wondering if anyone could offer any personal experience with > using either fusefs-cryptofs or fusefs-cryptofs. > > I'm going to be bringing a FreeBSD OpenLDAP server online soon and I > need to have the contents of the OpenLDAP database encrypted in the > event of a physical security breach, and so I need a reliable and > efficient disk encryption scheme to handle that. I was thinking of > encrypting /var/db/openldap using either fusefs-cryptofs or > fusefs-cryptofs, but I'm not sure which would be better to use for > this sort of application. On FreeBSD, this is spelled GELI (or GBDE, but I think geli is slightly better). Native filesystem level encryption -- rather more efficient than something like fuse, needs no extra software installed, very secure. See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwrdH4ACgkQ8Mjk52CukIwA/QCfRO9PuHzVXQpoqNkrtob2WM07 fL8AmwRfLVE0fEVSGk1BZeMOnBxLW1t3 =jZk0 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C2B747E.3060500>