openbsd encrypted fs

zem zem at zip.com.au
Wed Oct 24 18:41:37 PDT 2001


On Tue, 23 Oct 2001, Bill Stewart wrote:

> At 01:38 PM 10/23/2001 +1000, zem wrote:
> >On 23 Oct 2001, Dr. Evil wrote:
> > > > vnconfig -ck svnd0 diskimage
>
> I don't have a BSD system around to check -
> what does this approach do?

Create a loopback device.  "-k" means encrypt - cipher is blowfish,
there's no way to change it.  After vnconfig, /dev/svnd0 becomes a block
device; use newfs and mount as with any partition.

Here's the man page:

http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig

> Is Dr. Evil's concern with loopback just the speed?
> (Plus the ugly minimal user interface, which is a job for a script.)
> Machines are enough faster these days that I'd think the
> only places that's a big hit, other than database apps,
> are swap space, and you can mostly fix that by buying enough RAM.

The performance hit is acceptable, it's much faster than CFS.  OpenBSD's
encrypted swap uses the same mechanism.

> >It's worth noting their primary goal is network security, not crypto.
> >Rubber hoses don't factor significantly in their threat model.
>
> Laptop theft belongs in *most* security models.

Agreed.


-- 
mailto:zem at zip.com.au F289 2BDB 1DA0 F4C4 DC87 EC36 B2E3 4E75 C853 FD93
http://zem.squidly.org/ "I'm invisible, I'm invisible, I'm invisible.."
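
The steps described in the message above (vnconfig, then newfs and mount), written out as a script. This is an added example, not part of the original post; the image path, mount point, size and the `c` partition device names are assumptions, and it only prints the commands unless DRY_RUN=0 is set.

```sh
#!/bin/sh
# Added example, not from the original post: encrypted vnd image on OpenBSD.
# IMG, VND, MNT and SIZE_MB are hypothetical defaults; override via environment.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (as root).
IMG=${IMG:-/home/crypt.img}
VND=${VND:-svnd0}
MNT=${MNT:-/mnt/crypt}
SIZE_MB=${SIZE_MB:-64}
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# One-time setup: backing file, keyed vnd, filesystem, then release the device.
crypt_create() (
    umask 077                      # image readable by its owner only
    # Random fill so unused blocks are not distinguishable from ciphertext.
    run dd if=/dev/urandom of="$IMG" bs=1024k count="$SIZE_MB" || exit 1
    run vnconfig -ck "$VND" "$IMG" || exit 1   # -k prompts for the key
    run newfs "/dev/r${VND}c" || exit 1        # assumed: 'c' = whole device
    run vnconfig -u "$VND"
)

# Day-to-day use: attach with the key, then mount like any partition.
crypt_attach() {
    run vnconfig -ck "$VND" "$IMG" || return 1
    run mount "/dev/${VND}c" "$MNT"
}

# Data is only protected at rest once the device is unmounted AND unconfigured.
crypt_detach() {
    run umount "$MNT" || return 1
    run vnconfig -u "$VND"
}

case "${1:-}" in
    create|attach|detach) "crypt_$1" ;;
esac
```

For the laptop-theft case raised in the thread, crypt_detach has to run before the machine leaves your hands; a configured svnd device is readable by anyone with access to the running system.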




