Transparent drive encryption now in FreeBSD

Greg Broiles gbroiles at parrhesia.com
Mon Nov 11 15:17:27 PST 2002


At 04:22 PM 11/11/2002 -0500, Tyler Durden wrote:
>Sorry, I'm new, but does this refer to the notion of splitting up a 
>document "holographically", and placing the various pieces on numerous 
>servers throughout the 'Net? (Any one piece will probably not contain a 
>complete copy of the information, and is encrypted too, so that it is not 
>possible to say that Server X holds forbidden piece of info Y.) And as I 
>remember, removal of any one (or multiple) pieces on varying servers will 
>do nothing towards eliminating that content from the Universe.
>
>Can anyone confirm that this is more or less "Transparent Mass Storage 
>Encryption"?

It is not. See, e.g., 
<http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/g_bde.c>,
which includes the following helpful summary -

>Add Geom Based Disk Encryption to the tree.
>
>This is an encryption module designed for to secure denial of access
>to the contents of "cold disks" with or without destruction activation.
>
>Major features:
>
>    * Based on AES, MD5 and ARC4 algorithms.
>    * Four cryptographic barriers:
>         1) Pass-phrase encrypts the master key.
>         2) Pass-phrase + Lock data locates master key.
>         3) 128 bit key derived from 2048 bit master key protects sector key.
>         3) 128 bit random single-use sector keys protect data payload.
>    * Up to four different changeable pass-phrases.
>    * Blackening feature for provable destruction of master key material.
>    * Isotropic disk contents offers no information about sector contents.
>    * Configurable destination sector range allows steganographic deployment.
>
>This commit adds the kernel part, separate commits will follow for the
>userland utility and documentation.
>
>This software was developed for the FreeBSD Project by Poul-Henning Kamp and
>NAI Labs, the Security Research Division of Network Associates, Inc.  under
>DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
>research program.
>
>Many thanks to Robert Watson, CBOSS Principal Investigator for making this
>possible.
>
>Sponsored by:   DARPA & NAI Labs.

.. so you could say it's more like PGPDisk for FreeBSD, if you wanted to 
explain it to a marketing drone somewhere.


--
Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or 0x94245961




