"Built-in crypto" is a big overstatement for OpenBSD. Unfortunately, Win 2000 has more built-in crypto than OpenBSD does. Hint: Try to create an encrypted FS on OpenBSD. [...]
dd if=/dev/zero of=diskimage bs=1024k count=1024 vnconfig -ck svnd0 diskimage [enter a passphrase] newfs /dev/svnd0c mount /dev/svnd0c /mnt
I am aware of that, but it's a hack, and it doesn't work well. For example, it has no way of detecting when you enter an incorrect password. Anyway, for an OS which prides itself on built-in crypto, why do we have to mess around with loopback? There are many FS features, such as being able to change read, write end execute perms for owner, group and root, which don't require a loopback FS. How is this any different from that? If it were really integrated crypto, I would be able to do mount -k /dev/sd0c and it would do the right thing. Even better, I would be prompted for a password during boot so it could boot from an encrypted fs. This is a glaring hole in OpenBSD's crypt-everywhere mantra.