Should I use gbde or geli?

Alexander Leidinger Alexander at Leidinger.net
Sun Jan 29 07:43:01 PST 2006 

On Sun, 29 Jan 2006 12:10:34 +0100 (CET)
Christian Baer <christian.baer at informatik.uni-dortmund.de> wrote:

> One of the aces we may have is the fact that noone (including the
> employees) will know that the information is encrypted. This way a theft

Too late now. You already revealed this information into the public.
Google will be able to tell the well prepared burglar about this.

> could look more promising and if it succeeds the thief will find out
> that what he stole is worthless (apart from the hardware itself).

> We have been talking of AES all the time. How secure is blowfish? It's
> open source but not too well analysed so far. Can you say something
> about that. I have a problem trusting something that the NSA suggests,
> as there is always the possibility of a flaw in that. I know, some wild
> conspiricy, but worth a consideration at least.

AFAIR Blowfish was one the main algorithms which had a lot of potential
to get the AES sign, but in the end Rijndael won. I think it won
because of some resource aspects, not because of security aspects. But
I may be wrong with this.

> > You need to take into account the likelihood of the alarm system false
> > triggering or a burglar stealing the computer without setting off the
> > alarm.  You might find it easier to protect the master keys with a
> > (volatile) passphrase and rely on adequate protection of the
> > passphrase.  (You might also consider looking up "secret sharing"
> > "threshold system").
> 
> I'm not really sure where you're going with this volatile pass-phrase.
> Both gbde and geli (AFAIK) don't save the pass-phrase on the disc. So
> they are by definition volatile. If some burglar were to steal the
> computer it most likely would be cut off from power. This way the discs
> would be "cold" and the information safe. The bigger risk would be the
> burglar copying the information.
> 
> Or am I missing the point here?

Think about one-time passwords.

Bye,
Alexander.

-- 
Actually, Microsoft is sort of a mixture between the Borg and the Ferengi.
http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7
WL http://www.amazon.de/exec/obidos/registry/1FZ4DTHQE9PQ8/ref=wl_em_to/

More information about the freebsd-security mailing list