Transparent drive encryption now in FreeBSD
Greg Broiles
gbroiles at parrhesia.com
Mon Nov 11 15:17:27 PST 2002
At 04:22 PM 11/11/2002 -0500, Tyler Durden wrote:
>Sorry, I'm new, but does this refer to the notion of splitting up a
>document "holographically", and placing the various pieces of numerous
>servers throughout the 'Net? (Any one piece will probably not contain a
>complete copy of the information, and is encrypted too, so that it is not
>possible to say that Server X holds forbidden piece of info Y.) And as I
>remember, removal of any one (or multiple) pieces on varying servers will
>do nothing towards eliminating that content from the Universe.
>
>Can any one confirm that this is more or less "Transparent Mass Storage
>Encryption"?
It is not. See, e.g.,
<http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/g_bde.c>,
which includes the following helpful summary -
>Add Geom Based Disk Encryption to the tree.
>
>This is an encryption module designed for to secure denial of access
>to the contents of "cold disks" with or without destruction activation.
>
>Major features:
>
> * Based on AES, MD5 and ARC4 algorithms.
> * Four cryptographic barriers:
> 1) Pass-phrase encrypts the master key.
> 2) Pass-phrase + Lock data locates master key.
> 3) 128 bit key derived from 2048 bit master key protects sector key.
> 3) 128 bit random single-use sector keys protect data payload.
> * Up to four different changeable pass-phrases.
> * Blackening feature for provable destruction of master key material.
> * Isotropic disk contents offers no information about sector contents.
> * Configurable destination sector range allows steganographic deployment.
>
>This commit adds the kernel part, separate commits will follow for the
>userland utility and documentation.
>
>This software was developed for the FreeBSD Project by Poul-Henning Kamp and
>NAI Labs, the Security Research Division of Network Associates, Inc. under
>DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
>research program.
>
>Many thanks to Robert Watson, CBOSS Principal Investigator for making this
>possible.
>
>Sponsored by: DARPA & NAI Labs.
.. so you could say it's more like PGPDisk for FreeBSD, if you wanted to
explain it to a marketing drone somewhere.
--
Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or 0x94245961