GBDE not protecting the user
RW
rwmaillists at googlemail.com
Mon Oct 13 12:29:36 UTC 2014
On Sat, 11 Oct 2014 03:44:12 -0400
Michael W. Lucas wrote:
> On Sat, Oct 11, 2014 at 11:30:08AM +0800, Erich Dollansky wrote:
> > Hi,
> >
> > On Fri, 10 Oct 2014 17:58:42 -0400
> > "Michael W. Lucas" <mwlucas at michaelwlucas.com> wrote:
> >
> > > [Tried questions@, no answer, and the code contains things I just
> > > cannot trigger.]
> > >
> > just try geli. It works for me. What I like most is that you can
> > have key and password on external media. No external media - no
> > deciphering.
>
> GELI does not verify key destruction when the correct passphrase is
> used. There are use cases where this is very important--e.g., finance.

You can overwrite the geli metadata on the end of the provider with dd.
Preferably the whole partition if you want to be sure because anyone
that's ever had access to the disk could have copied the metadata.

If you are going to use a passphrase I'd recommend geli which has
password strengthening.

> I'd really like to include GBDE in my FreeBSD storage book, but it
> seems that it doesn't actually work.
>
> ==ml
>
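
The dd overwrite suggested in the reply above, as an added example that is not part of the original message: it overwrites the last sector of a provider, where geli keeps its metadata, and reads the sector back to confirm it changed. It runs against a constructed image file rather than a real disk, and all function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original message. Works on a constructed
# image file; function names are hypothetical.

# Size in bytes of a regular file. Assumption: on a real FreeBSD provider
# the media size would come from diskinfo(8) instead.
media_size() {
    wc -c < "$1" | tr -d ' '
}

# Index of the final sector: mediasize / sectorsize - 1.
last_sector() {
    echo $(( $1 / $2 - 1 ))
}

# Checksum of sector $3 of $1 (sector size $2), used to compare before/after.
sector_sum() {
    dd if="$1" bs="$2" skip="$3" count=1 2>/dev/null | cksum
}

# Overwrite only the final sector of $1 with random bytes.
# conv=notrunc stops dd from truncating an image file.
wipe_last_sector() {
    wl_sec=$(last_sector "$(media_size "$1")" "$2")
    dd if=/dev/urandom of="$1" bs="$2" seek="$wl_sec" count=1 \
        conv=notrunc 2>/dev/null
}

# Demo on a constructed 1 MiB image with a marker in its final sector.
demo() {
    img=$(mktemp) || return 1
    dd if=/dev/zero of="$img" bs=512 count=2048 2>/dev/null
    printf 'CONSTRUCTED-METADATA' |
        dd of="$img" bs=512 seek=2047 conv=notrunc 2>/dev/null
    before=$(sector_sum "$img" 512 2047)
    wipe_last_sector "$img" 512
    after=$(sector_sum "$img" 512 2047)
    if [ "$before" != "$after" ]; then
        echo "final sector overwritten"
    else
        echo "final sector unchanged"
    fi
    rm -f "$img"
}

demo
```

Only the final sector changes here, so a metadata copy taken earlier would still match the untouched ciphertext, which is why the reply prefers wiping the whole partition.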