Date:      Sun, 29 Jan 2006 13:29:43 +1100
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        Christian Baer <christian.baer@informatik.uni-dortmund.de>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Should I use gbde or geli?
Message-ID:  <20060129022943.GJ2341@turion.vk2pj.dyndns.org>
In-Reply-To: <drgdg9$1klu$9@nermal.rz1.convenimus.net>
References:  <drgdg9$1klu$9@nermal.rz1.convenimus.net>

On Sat, 2006-Jan-28 19:34:49 +0100, Christian Baer wrote:
>For a friend of mine I am thinking up a fileserver for his own little
>company that contains *very* sensitive information (mainly stuff that is
>still in development or on the way of a patent or something like that).

Security is not an absolute - it's a cost/benefit analysis.  Your
friend needs to consider the value of his data, who is likely to want
to steal it and what resources they have available.  I suggest you
have a read of some of (eg) Bruce Schneier's recent books.

>Attempts have been made to get at this data the "hard way". The only
>thing that hasn't happened so far is someone coming into the office with
>a gun and saying "Stick 'em up!". :-)

With virtually any modern, properly implemented crypto solution, the
weaknesses in the system are going to be human not technical.  Your
friend is far more likely to have his data stolen via a disgruntled
employee, a secretary being conned into giving out the password,
spyware copying the unencrypted data or someone arriving with a gun.
Have a close look at what has access to the data when it is
unencrypted - it's far easier to steal this way than having to break
the encryption.

>1.
>The file system (or rather the encryption) itself must be as secure as
>possible. gbde uses 128bit AES with a different key for every sector,
>geli uses up to 256bit AES with the same key all the time. geli also
>supports blowfish. Which one of these approaches is more secure? geli is
>newer but that doesn't say much for itself.

Realistically, neither are going to fall to a brute force attack in the
near future.  Both use AES so a break in AES is likely to equally affect
both (though a partial break would have a bigger impact on 128-bit AES).
You probably need to spend more time thinking about the passphrase that
you use to secure the master key - unless that has at least 128 (or 256)
bits of entropy, it will be quicker to break the master key.

>5.
>The ideal protection would be to keep the server running[2] and have it
>connected to the alarm system, so when the alarm is tripped, the server
>destroys its master-keys and renders the information useless.

You need to take into account the likelihood of the alarm system false
triggering or a burglar stealing the computer without setting off the
alarm.  You might find it easier to protect the master keys with a
(volatile) passphrase and rely on adequate protection of the
passphrase.  (You might also consider looking up "secret sharing"
"threshold system").

>After considering this, am I better off with gbde or geli? Have I missed
>anything in my little list?

How will backups be protected?

-- 
Peter Jeremy
