Date:      Mon, 13 Oct 2014 13:29:26 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: GBDE not protecting the user
Message-ID:  <20141013132926.164cece9@gumby.homeunix.com>
In-Reply-To: <20141011074412.GA9432@mail.michaelwlucas.com>
References:  <20141010215842.GA6717@mail.michaelwlucas.com> <20141011113008.705ba16d@X220.alogt.com> <20141011074412.GA9432@mail.michaelwlucas.com>

On Sat, 11 Oct 2014 03:44:12 -0400
Michael W. Lucas wrote:

> On Sat, Oct 11, 2014 at 11:30:08AM +0800, Erich Dollansky wrote:
> > Hi,
> > 
> > On Fri, 10 Oct 2014 17:58:42 -0400
> > "Michael W. Lucas" <mwlucas@michaelwlucas.com> wrote:
> > 
> > > [Tried questions@, no answer, and the code contains things I just
> > > cannot trigger.]
> > > 
> > just try geli. It works for me. What I like most is that you can
> > have key and password on external media. No external media - no
> > deciphering.
> 
> GELI does not verify key destruction when the correct passphrase is
> used. There are use cases where this is very important--e.g., finance.

You can overwrite the geli metadata on the end of the provider with dd.
Preferably the whole partition if you want to be sure because anyone
that's ever had access to the disk could have copied the metadata. 

If you are going to use a passphrase I'd recommend geli which has
password strengthening. 


> I'd really like to include GBDE in my FreeBSD storage book, but it
> seems that it doesn't actually work.
> 
> ==ml
> 
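
The dd overwrite suggested in the reply above, as an added example that is not part of the original message: geli(8) keeps its metadata in the last sector of the provider, so the write is aimed at that one sector. The image file, the marker string and the function names are constructed for illustration; on a real provider the media size and sector size would come from diskinfo(8), and as the reply notes, this does nothing about metadata copied earlier.

```sh
#!/bin/sh
# Added example: overwrite the last sector of a provider, where geli(8)
# stores its metadata. A constructed image file stands in for the disk.

MARKER='CONSTRUCTED-METADATA-MARKER'   # constructed stand-in, not real metadata

# wipe_last_sector TARGET MEDIASIZE SECTORSIZE   (sizes in bytes)
wipe_last_sector() {
    target=$1; mediasize=$2; sectorsize=$3
    [ "$sectorsize" -gt 0 ] 2>/dev/null || return 2
    [ "$mediasize" -ge "$sectorsize" ] 2>/dev/null || return 2
    # A size that is not a whole number of sectors means wrong geometry:
    # refuse rather than overwrite the wrong offset.
    [ $((mediasize % sectorsize)) -eq 0 ] || return 2
    last=$((mediasize / sectorsize - 1))
    # conv=notrunc keeps a file-backed target at its full size.
    dd if=/dev/urandom of="$target" bs="$sectorsize" seek="$last" \
        count=1 conv=notrunc 2>/dev/null
}

# marker_in_last_sector TARGET MEDIASIZE SECTORSIZE STRING -> exit 0 if found
marker_in_last_sector() {
    dd if="$1" bs="$3" skip=$(($2 / $3 - 1)) count=1 2>/dev/null |
        LC_ALL=C grep -q -F -- "$4"
}

# Build a 64-sector image, plant the marker in the last sector, wipe, re-check.
demo() {
    img=$(mktemp) || return 1
    size=$((512 * 64))
    dd if=/dev/zero of="$img" bs=512 count=64 2>/dev/null
    printf '%s' "$MARKER" |
        dd of="$img" bs=512 seek=63 conv=notrunc 2>/dev/null
    marker_in_last_sector "$img" "$size" 512 "$MARKER" && echo "before: present"
    wipe_last_sector "$img" "$size" 512 || { rm -f "$img"; return 1; }
    marker_in_last_sector "$img" "$size" 512 "$MARKER" || echo "after: gone"
    rm -f "$img"
}
demo
```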


