Date: Tue, 18 Jan 2011 08:10:40 -0800 From: Chip Camden <chip.camden@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: harddrive encryption Message-ID: <20110118161040.GC76347@libertas.local.camdensoftware.com> In-Reply-To: <20110118070719.GA51692@slackbox.erewhon.net> References: <4D34A6EF.30600@alokat.org> <20110117225308.GA40523@slackbox.erewhon.net> <AANLkTinruOxi_1FFDZzfhSojk1u%2B_XfGsJkDiSbMOuMW@mail.gmail.com> <20110118070719.GA51692@slackbox.erewhon.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--7qSK/uQB79J36Y4o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoth Roland Smith on Tuesday, 18 January 2011: > On Mon, Jan 17, 2011 at 10:05:53PM -0700, Modulok wrote: > > On 1/17/11, Roland Smith <rsmith@xs4all.nl> wrote: > > > On Mon, Jan 17, 2011 at 09:30:39PM +0100, Alokat wrote: > > >> Hi, > > >> > > >> is it possible to encrypt my full harddrive (excluding /boot) during= a > > >> freebsd installation. Or do I have to do this after the installation > > >> manually? > > > > > > Currently you have to do it manually afterwards. > > > > > > Personally, I would not bother encrypting the OS data; there is nothi= ng > > > secret > > > there, and it does have a performance impact. Plus it would provide a= mple > > > material for a known-plaintext attack! > > > > >=20 > > Modern ciphers such as AES are not susceptible to known plaintext > > attacks. >=20 > That is indeed what it says on > http://en.wikipedia.org/wiki/Known-plaintext_attack. But without any > source or other justification. In this case, I'd say [citation needed]! >=20 > At one time Enigma and DES were regarded as unbreakable. :-)=20 >=20 > Roland > --=20 > R.F.Smith http://www.xs4all.nl/~rsmith/ > [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] > pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) It seems prudent to me to reduce the attack surface to that which really needs to be defended -- "When you defend everything, you defend nothing". Not to mention avoiding the overhead of encrypting OS files. What do you folks think of the relative merits of AES vs Blowfish for disk encryption? --=20 Sterling (Chip) Camden | sterling@camdensoftware.com | 2048D/3A978E4F http://chipsquips.com | http://camdensoftware.com | http://chipstips.com --7qSK/uQB79J36Y4o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iQEcBAEBAgAGBQJNNbuAAAoJEIpckszW26+Rih8H/0+xqu+TUVyLRWp9a1kcIxNz U0FySq5DrJ5rlKXsFoh17j68NbeR1Gnt+Bng0qiM7VvOcuJephjckO97sInB3aZk FQL0uCye64hQkn6ooYob/muVHPkrwSH3MWRY0hJe8PzUtTFhCGdH4hLIx7JShDWR emwt2mPER+NgmAcVQ8zkgn57dy/vRnqJk91GC+m/Uas+MZNTlB4lJVy15tBulCuE dV7FnauLIkV4Yj9x5giy+RRG4S14GUU6yzhTTIG4/nMNmqGyAQd5YNHJT2jJ+16A cRfD1kKzoDkqgD87P5cuKFkwIIQ9kysnQ9dopHpbjfiRAKJU/k2Xfes7iKccC6Q= =pXr0 -----END PGP SIGNATURE----- --7qSK/uQB79J36Y4o--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110118161040.GC76347>