From owner-freebsd-questions@FreeBSD.ORG Wed Jan 19 00:55:09 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E7DB2106566B for ; Wed, 19 Jan 2011 00:55:08 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 768458FC18 for ; Wed, 19 Jan 2011 00:55:08 +0000 (UTC) Received: by wwf26 with SMTP id 26so251047wwf.31 for ; Tue, 18 Jan 2011 16:55:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:date:from:to:subject:message-id:in-reply-to :references:x-mailer:mime-version:content-type :content-transfer-encoding; bh=A5u5bTcXclEovi7tHC63P/qTSm9BwhSm44ZlCJ9C52I=; b=b8g98wjZJ/IK3VyevH8fVdBn0elx4bzquQJmu7b2vQpqdkAUpj/aHNXbsXuxoTNXdT a9Mz90T1/aR3/+fuM2lApK63GqYJM6ZAgiPZlo5JwFrVkRRdKa7Zv/jSlDlLuELdv8xe wZNTPgIGPTVefp+DAPNKdbnRywgL48mbQ44zQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=OjrP0DIrbPbmSx+g7OqtdRW/qHOQVvdbsvgDlFznzOv9zYweIZ1jj20z1h0d4kDvmc FSLf0mWr+6t1LdAOeUeBKcFPEqpTjkC1z22oIBMES3gr1yvbsN8Fk//GRdq8uSUE2/gO 2fuOj4BunUldVnoxzBiaUbUY0bUGVOAKMZU74= Received: by 10.227.144.194 with SMTP id a2mr28893wbv.94.1295398507339; Tue, 18 Jan 2011 16:55:07 -0800 (PST) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk [87.194.105.247]) by mx.google.com with ESMTPS id s9sm4123174wby.16.2011.01.18.16.55.05 (version=SSLv3 cipher=RC4-MD5); Tue, 18 Jan 2011 16:55:06 -0800 (PST) Date: Wed, 19 Jan 2011 00:55:02 +0000 From: RW To: freebsd-questions@freebsd.org Message-ID: <20110119005502.2de3fd01@gumby.homeunix.com> In-Reply-To: <20110118161040.GC76347@libertas.local.camdensoftware.com> References: <4D34A6EF.30600@alokat.org> <20110117225308.GA40523@slackbox.erewhon.net> <20110118070719.GA51692@slackbox.erewhon.net> <20110118161040.GC76347@libertas.local.camdensoftware.com> X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.1; i386-portbld-freebsd8.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: harddrive encryption X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jan 2011 00:55:09 -0000 On Tue, 18 Jan 2011 08:10:40 -0800 Chip Camden wrote: > It seems prudent to me to reduce the attack surface to that which > really needs to be defended -- "When you defend everything, you > defend nothing". Not to mention avoiding the overhead of encrypting > OS files. I don't think the plain text is really much of an issue. AFAIK the kinds of attack that use large amounts of plaintext are relatively sophisticated and yield only small amounts of information. Most people only need to worry about passphrase attacks. There are two main advantages to full disk encryption. One is that the non-encrypted part can be kept on a memory stick, which is easier to keep secure. This makes it impractical for an attacker to install modified software while geli is detached - although you are still vulnerable to hardware and firmware modifications. The other main advantage is that it prevents information leakage. If you just encrypt data, you should also give some thought encrypting the swap partition with a one-time key and using tmpfs. There's also /var/tmp which may be mitigated by setting appropriate environment variables to keep user data in home directories. Private information may leak through log or cache files. Some people think it's easier and safer to encrypt the lot. > What do you folks think of the relative merits of AES vs Blowfish for > disk encryption? At the higher levels of paranoia Blowfish's 64 bit block size is a cause for concern, but unless you are going up against serious crypto-analysis I doubt it matters much. However you may need to take account of performance. My fairly old cpu uses 100% of it's single core copying large files between geli partitions. Journalling makes things even worse. If you have cores and cycles to spare you probably wont notice, but it's still there. Blowfish is faster than AES, but some CPUs may be able to offload AES to hardware accelerators.