Date:      Sun, 27 Jul 2003 17:56:23 +1200
From:      John Stockdale <jstockdale@stanford.edu>
To:        freebsd-current@freebsd.org
Subject:   Feasibility/Practicality of using GBDE to facilitate encrypted swap, md, /tmp, filesystems
Message-ID:  <0D8BEE11-BFF7-11D7-B8B6-000393A6EB58@stanford.edu>

Hopefully PHK has a chance to look this one over, but if anyone else 
has any thoughts I'll take any opinions I can get. ;)

I was looking over the 5.2 TODO and got curious as to the changes 
intended for GBDE to allow integration into the fstab / boot-time mount 
procedure. Unfortunately I have a rather poor background in how the 
various FreeBSD subsystems interact, but was wondering if such 
boot-time mount ability could be used such that GBDE encrypted devices 
could be used to back the swap, /tmp, and other portions of the file 
system. It seems that initializing a GBDE device at boot with a random 
lock file key (or no lock file?) such that as soon as the GBDE dev is 
detached or the machine is rebooted all information on that partition 
is not recoverable. Not only would this give us encrypted swap that 
OpenBSD minions always lord over me ;) but also it seems like 
(specifically /tmp encryption) would combat the chances that copies of 
plain text files get left around.

On a slightly related note, I currently have a script that allows the 
creation of a post boot encrypted md device, and am just using the -p 
option on initialization to feed GBDE a passphrase piped from 
/dev/random into md5. Is there any way to do such an initialization 
more securely? (such as not having to rely on the security of the shell 
or md5 along the way?)

Thanks

-John


