Date: Fri, 29 Jul 2005 08:31:17 +0200 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Benjamin Lutz <benlutz@datacomm.ch> Cc: current@freebsd.org Subject: Re: GELI - disk encryption GEOM class committed. Message-ID: <92911.1122618677@phk.freebsd.dk> In-Reply-To: Your message of "Fri, 29 Jul 2005 03:09:13 %2B0200." <42E981B9.5060500@datacomm.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <42E981B9.5060500@datacomm.ch>, Benjamin Lutz writes: >Encryption Strength: > GBDE - Uses AES128 for data encryption, with a different key per > sector. Master key is encrypted using AES256 and stored on > 4 random locations on the disk. Access key is SHA2/512bit > hashed. Just a clarification: GBDE uses PRNG one-time-use per sector keys. >Speed: > GBDE - Runs in software. I actually have a version which uses crypto(9) hardware but the gain is a lot less than one would expect so I havn't completed it yet. >Booting from Encrypted Root: > GBDE - Doesn't say, probably doesn't work Correct doesn't work without some special handling. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?92911.1122618677>