openbsd encrypted fs

Bill Stewart bill.stewart at pobox.com
Tue Oct 23 09:07:47 PDT 2001


At 01:38 PM 10/23/2001 +1000, zem wrote:
>On 23 Oct 2001, Dr. Evil wrote:
> > > vnconfig -ck svnd0 diskimage

I don't have a BSD system around to check -
what does this approach do?

> > Anyway, for an OS which prides itself on built-in crypto,
> > why do we have to mess around with loopback?  ...
>Can you describe a scenario under which an encrypted fs is valuable enough
>to justify typing one command, but not two?  OpenBSD's target audience is
>not exactly clueless newbies.
>Or is speed so important that you'd sacrifice security?  Any encrypted fs
>will take a performance hit; I think you'll find loopback overhead is
>insignificant next to the crypto.

Is Dr. Evil's concern with loopback just the speed?
(Plus the ugly minimal user interface, which is a job for a script.)
Machines are enough faster these days that I'd think the
only places that's a big hit, other than database apps,
are swap space, and you can mostly fix that by buying enough RAM.


>Is booting from an encrypted fs ever useful?  Use read-only media if
>tampering is a concern.  Configure and mount other encrypted filesystems
>from /etc/rc.  If you can install and maintain OpenBSD, you can manage

If you've got applications that insist on putting data in /etc or /var,
or for log files in general, you have to be careful about the order the
system starts in.  And if you're worried about people seeing your config files
that might show who you communicate with, you could go paranoid about this.
IPSEC secrets may be a concern, if stealing/cloning the disk lets someone
forge your identity.

>It's worth noting their primary goal is network security, not crypto.
>Rubber hoses don't factor significantly in their threat model.

Laptop theft belongs in *most* security models.




