Re: Should I use gbde or geli?

On Sat, 2006-Jan-28 19:34:49 +0100, Christian Baer wrote:
>For a friend of mine I am thinking up a fileserver for his own little
>company that contains *very* sensitive information (mainly stuff that is
>still in developement or on the way of a patent or something like that).

Security is not an absolute - it's a cost/benefit analysis. Your
friend needs to consider the value of his data, who is likely to want
to steal it and what resources they have available. I suggest you
have a read of some of (eg) Bruce Schneier's recent books.

>Attempts have been made to get at this data the "hard way". The only
>thing that hasn't happened so far is someone coming into the office with
>a gun and saying "Stick 'em up!". :-)

With virtually any modern, properly implemented crypto solution, the
weaknesses in the system are going to be human not technical. Your
friend is far more likely to have his data stolen via a disgruntled
employee, a secretary being conned into giving out the password,
spyware copying the unencrypted data or someone arriving with a gun.
Have a close look at what has access to the data when it is
unencrypted - it's far easier to steal this way than having to break
the encryption.

>The file system (or rather the encryption) itself must be as secure as
>possible. gbde uses 128bit AES with a different key for every sector,
>geli uses up to 256bit AES with the same key all the time. geli also
>supports blowfish. Which one of these approaches is more secure? geli is
>newer but that doesn't say much for itself.

Realistically, neither are going to fall to a brute force attack in the
near future. Both use AES so a break in AES is likely to equally affect
both (though a partial break would have a bigger impact on 128-bit AES).
You probably need to spend more time thinking about the passphrase that
you use to secure the master key - unless that has at least 128 (or 256)
bits of entropy, it will be quicker to break the master key.

>The ideal protection would be to keep the server running[2] and have it
>connected to the alarm system, so when the alarm is tripped, the server
>destroys its master-keys and renders the information useless.

You need to take into account the likelihood of the alarm system false
triggering or a burglar stealing the computer without setting off the
alarm. You might find it easier to protect the master keys with a
(volatile) passphrase and rely on adequate protection of the
passphrase. (You might also consider looking up "secret sharing"
"threshold system").

>After considering this, am I better off with gbde or geli? Have I missed
>anything in my little list?

How will backups be protected?

Peter Jeremy
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: freebsd encrypted hard disk?
    ... It supports well-regarded encryption algorithms ... like AES and Blowfish. ... It depends on what you mean by modern, and slight, on my single-core ... sustained geli to geli file copy makes things really slow for me. ...
  • Re: Is a cryptographic monoculture hurting us all?
    ... Douglas A. Gwyn wrote: ... > The advantage of AES is that it was checked by one of ... > degree of protection of government assets, ...
  • Re: Someone said 256 bits is not enough
    ... more attacks than 256-bit AES? ... It's not the number of eyes that counts, it's the quality of the brains behind them. ... AES-256 is specified by NSA in Suite B encryption for the protection of Top Secret information. ...
  • Which AES to use?
    ... I've been reading on Bruce Schneier's blog about key diffusion and the ... key schedule in AES 256 being poor. ... for use in a geli ... encrypted provider, what are the pros and cons of selecting AES 128, ...