Date: Mon, 24 Jul 2000 21:00:42 +0200
From: Adrian Chadd <adrian@FreeBSD.ORG>
To: Terje Elde <terje@elde.net>
Cc: Robert Watson <rwatson@FreeBSD.ORG>, Sheldon Hearn <sheldonh@uunet.co.za>, Joachim Strömbergson <watchman@ludd.luth.se>, Greg Lewis <glewis@trc.adelaide.edu.au>, freebsd-security@FreeBSD.ORG
Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap?
Message-ID: <20000724210042.O62551@ywing.creative.net.au>
In-Reply-To: <20000720124805.D70017@dlt.follo.net>; from terje@elde.net on Thu, Jul 20, 2000 at 12:48:05PM +0200
References: <Pine.BSF.4.21.0007181838570.28415-100000@achilles.silby.com> <Pine.NEB.3.96L.1000719165025.73365A-100000@fledge.watson.org> <20000720124805.D70017@dlt.follo.net>

On Thu, Jul 20, 2000, Terje Elde wrote:
> > Personally, my big fear is my notebook computer.  I can encrypt data on it
> > using command line tools, but I'd much rather see a device layer that I
> > can use to protect both swap and sensitive partitions.  Swap could use a
> > randomized key, and mounting of data partitions could rely on a
> > user-provided key for the device layer.  A crypto-fs might be more fun,
> > but if we have the facility to layer device access, we might as well use
> > that for a quicky solution.  It's easy for someone to walk off with
> > personal computing devices -- in the office, at home, at the airport, ...
>
> For a "ugly hack, but up and running today" kinda solution, you could always
> do what I do... Use cfs (yes, the software tcfs is based on is running under
> freebsd, and is available in the ports collection) for your file systems, then
> swap to a file, on one of the encrypted file systems.
>
> It's not a pretty sight, but it does the job.

What's wrong with a bdev io layer like vinum/ccd which does crypto?
Then you could swap and filesystem to your block devices to your heart's
content with whatever filesystem you wanted?

Adrian

--
Adrian Chadd
<adrian@FreeBSD.org>

Now 17-year-olds can't play a _video game_ because its called violent -
and real violence is still called dinner.
    -- jamie@mccarthy.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message