Date: Mon, 30 Jan 2006 18:39:36 +1100
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: freebsd-security@freebsd.org
Subject: Re: Should I use gbde or geli?
Message-ID: <20060130073935.GA702@turion.vk2pj.dyndns.org>
In-Reply-To: <dri7ra$1ouq$1@nermal.rz1.convenimus.net>
References: <drgdg9$1klu$9@nermal.rz1.convenimus.net> <20060129022943.GJ2341@turion.vk2pj.dyndns.org> <dri7ra$1ouq$1@nermal.rz1.convenimus.net>
On Sun, 2006-Jan-29 12:10:34 +0100, Christian Baer wrote:
>On Sun, 29 Jan 2006 13:29:43 +1100 Peter Jeremy wrote:
>I am reading up on the basics of this subject. However, the theory
>doesn't really cover too much of the practical sides like the real
>differences between approaches or even gbde and geli.

Unfortunately, no-one with that knowledge has popped up. You could try writing to the authors of gbde and geli and ask their opinions.

>Human failure can never be ruled out, if you can call being forced to do
>something at gunpoint a "failure".

If an attacker gets away with the data, by whatever means, then the security system has failed. If you considered armed robbery a likely situation (which you've ruled out), then you would need to protect against it.

>One of the aces we may have is the fact that no one (including the
>employees) will know that the information is encrypted.

Actually, even though you haven't mentioned the company, someone with the resources to consider breaking AES would probably not find it too difficult to find the company's name. You _have_ admitted that you are one of the people who knows the passphrase.

>We have been talking of AES all the time. How secure is blowfish? It's
>open source but not too well analysed so far. Can you say something
>about that. I have a problem trusting something that the NSA suggests,
>as there is always the possibility of a flaw in that. I know, some wild
>conspiracy, but worth a consideration at least.

The AES algorithm and its design principles are all public (and the algorithm was developed outside the US). It has been through a rigorous examination by the crypto community and the open community haven't found any problems. Obviously, we don't know what the NSA (and other spook agencies) found but NSA has two primary functions: Protecting US information from prying eyes (promoting strong, unbreakable crypto) and decrypting the rest of the world's secrets (promoting weak crypto). The crypto experts I've spoken to believe that AES is the result of the former group and if NSA found any weaknesses, they would have killed it.

Keep in mind that (despite the paranoia) DES _was_ secure and the S-box construction was kept secret because it was designed to protect against differential cryptanalysis - which was not a publicly known technique at the time. I suggest you look up the sci.crypt FAQ.

>> alarm. You might find it easier to protect the master keys with a
>> (volatile) passphrase and rely on adequate protection of the
>> passphrase. (You might also consider looking up "secret sharing"
>> "threshold system").
>
>I'm not really sure where you're going with this volatile pass-phrase.

You were talking about automatically destroying the master key (which makes recovering the data difficult). I'm suggesting that you rely on protecting the master key so it can't be recovered, even if the disc is stolen.

> If some burglar were to steal the
>computer it most likely would be cut off from power.

If I knew that the computer had sensitive information that would be lost to me if the computer got powered off, I would ensure that the computer didn't lose power whilst I was stealing it. Maybe I can steal the UPS with the computer. If not, I could try opening the case and paralleling my own supply.

--
Peter Jeremy