Date: Sun, 29 Jan 2006 16:42:55 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Christian Baer <christian.baer@informatik.uni-dortmund.de>
Cc: freebsd-security@freebsd.org
Subject: Re: Should I use gbde or geli?
Message-ID: <20060129164255.32d7722a@Magellan.Leidinger.net>
In-Reply-To: <dri7ra$1ouq$1@nermal.rz1.convenimus.net>
References: <drgdg9$1klu$9@nermal.rz1.convenimus.net> <20060129022943.GJ2341@turion.vk2pj.dyndns.org> <dri7ra$1ouq$1@nermal.rz1.convenimus.net>

On Sun, 29 Jan 2006 12:10:34 +0100 (CET)
Christian Baer <christian.baer@informatik.uni-dortmund.de> wrote:

> One of the aces we may have is the fact that no one (including the
> employees) will know that the information is encrypted. This way a theft

Too late now. You already revealed this information to the public.
Google will be able to tell the well-prepared burglar about this.

> could look more promising and if it succeeds the thief will find out
> that what he stole is worthless (apart from the hardware itself).

> We have been talking of AES all the time. How secure is blowfish? It's
> open source but not too well analysed so far. Can you say something
> about that? I have a problem trusting something that the NSA suggests,
> as there is always the possibility of a flaw in that. I know, some wild
> conspiracy, but worth a consideration at least.

AFAIR Blowfish was one of the main algorithms which had a lot of
potential to get the AES sign, but in the end Rijndael won. I think it
won because of some resource aspects, not because of security aspects.
But I may be wrong with this.

> > You need to take into account the likelihood of the alarm system false
> > triggering or a burglar stealing the computer without setting off the
> > alarm. You might find it easier to protect the master keys with a
> > (volatile) passphrase and rely on adequate protection of the
> > passphrase. (You might also consider looking up "secret sharing"
> > "threshold system").
>
> I'm not really sure where you're going with this volatile pass-phrase.
> Both gbde and geli (AFAIK) don't save the pass-phrase on the disc. So
> they are by definition volatile. If some burglar were to steal the
> computer it most likely would be cut off from power. This way the discs
> would be "cold" and the information safe. The bigger risk would be the
> burglar copying the information.
>
> Or am I missing the point here?

Think about one-time passwords.

Bye,
Alexander.

-- 
Actually, Microsoft is sort of a mixture between the Borg and the
Ferengi.

http://www.Leidinger.net    Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
WL http://www.amazon.de/exec/obidos/registry/1FZ4DTHQE9PQ8/ref=wl_em_to/