Date: Sun, 27 Jul 2003 17:56:23 +1200
From: John Stockdale <jstockdale@stanford.edu>
To: freebsd-current@freebsd.org
Subject: Feasibility/Practicality of using GBDE to facilitate encrypted swap, md, /tmp, filesystems
Message-ID: <0D8BEE11-BFF7-11D7-B8B6-000393A6EB58@stanford.edu>

Hopefully PHK has a chance to look this one over, but if anyone else has any thoughts I'll take any opinions I can get. ;)

I was looking over the 5.2 TODO and got curious as to the changes intended for GBDE to allow integration into the fstab / boot-time mount procedure. Unfortunately I have a rather poor background in how the various FreeBSD subsystems interact, but was wondering if such boot-time mount ability could be used such that GBDE encrypted devices could be used to back the swap, /tmp, and other portions of the file system.

It seems that one could initialize a GBDE device at boot with a random lock file key (or no lock file?) such that as soon as the GBDE dev is detached or the machine is rebooted, all information on that partition is not recoverable. Not only would this give us the encrypted swap that OpenBSD minions always lord over me ;) but it also seems like it (specifically /tmp encryption) would combat the chances that copies of plain text files get left around.

On a slightly related note, I currently have a script that allows the creation of a post-boot encrypted md device, and am just using the -p option on initialization to feed GBDE a passphrase piped from /dev/random into md5. Is there any way to do such an initialization more securely? (Such as not having to rely on the security of the shell or md5 along the way?)

Thanks
-John