Date: Sun, 9 Jun 2013 14:51:12 -0500 (CDT) From: Greg Rivers <gcr+freebsd-geom@tharned.org> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: Andrew Romero <lastpriot@gmail.com>, freebsd-geom@freebsd.org Subject: Re: geli external header (metadata) Message-ID: <alpine.BSF.2.00.1306091442080.80438@badger.tharned.org> In-Reply-To: <20130609182457.GB2468@garage.freebsd.pl> References: <51B31D42.2010801@gmail.com> <20130609182457.GB2468@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 9 Jun 2013, Pawel Jakub Dawidek wrote: > On Sat, Jun 08, 2013 at 03:02:10PM +0300, Andrew Romero wrote: > > Hi all > > I made a patch to support of external header (metadata) on GEOM ELI (geli) > > > > System: FreeBSD 9-STABLE r250964 i386 > > > > geli patch - http://pastebin.com/UGpnMN19 > > regresion patch - http://pastebin.com/hJVkTpJZ > > I don't mean to discourage you, but every additional complexity comes at > risk and it case of GELI this is security risk. What is missing in your > work is explanation how it that useful for the users? How do you use it? > First I need to understand and be convinced that this functionality is > generally useful and thus is worth additional complexity and risk. > I can't speak for Mr Romero, but I imagine what he's after is plausible deniability. The GELI metadata on a volume unambiguously declares it to be encrypted data. Properly implemented, I think this could be a worthwhile enhancement for certain applications or circumstances where one may not wish to invite further scrutiny. -- Greg Rivers
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1306091442080.80438>