Date: Fri, 15 Sep 2000 09:18:04 +0400 (MSD) From: "Vladimir B. Grebenschikov" <vova@express.ru> To: "Geoffrey T. Falk" <gtf@cirp.org> Cc: freebsd-fs@FreeBSD.ORG Subject: Re: AW: crypto fs? Message-ID: <14785.45324.164570.436002@vbook.express.ru> In-Reply-To: <200009141434.IAA03818@h-209-91-79-2.gen.cadvision.com> References: <200009141401.IAA03781@h-209-91-79-2.gen.cadvision.com> <200009141434.IAA03818@h-209-91-79-2.gen.cadvision.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Geoffrey T. Falk writes: > On 14 Sep, I wrote: > > A proper crypto filesystem would encrypt the blocks in the strategy() > > routine. One could run a standard FFS directly on top of it. > > To clarify, obviously, I was thinking of implementing an encrypted > device as a pseudo- block device, that maps to an existing partition. > The passphrase could be set using an ioctl(). May be portalfs helps you ? (man mount_portalfs) > A main concern with crypto FS is keeping plaintext blocks from being > swapped out. If you are following this approach, you would also encrypt > your swap devices. > > The whole issue of crypto services in the kernel is one I would like to > see developing. To my knowledge not even OpenBSD has gone this far. > > g. > -- TSB Russian Express, Moscow Vladimir B. Grebenschikov, vova@express.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14785.45324.164570.436002>