Re: Should I use gbde or geli?

On Sun, 29 Jan 2006 12:10:34 +0100 (CET)
Christian Baer <christian.baer@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> One of the aces we may have is the fact that no one (including the
> employees) will know that the information is encrypted. This way a theft

Too late now. You already revealed this information to the public.
Google will be able to tell the well prepared burglar about this.

> could look more promising and if it succeeds the thief will find out
> that what he stole is worthless (apart from the hardware itself).

> We have been talking of AES all the time. How secure is blowfish? It's
> open source but not too well analysed so far. Can you say something
> about that. I have a problem trusting something that the NSA suggests,
> as there is always the possibility of a flaw in that. I know, some wild
> conspiracy, but worth a consideration at least.

AFAIR Blowfish was one of the main algorithms which had a lot of potential
to get the AES sign, but in the end Rijndael won. I think it won
because of some resource aspects, not because of security aspects. But
I may be wrong about this.

> > You need to take into account the likelihood of the alarm system false
> > triggering or a burglar stealing the computer without setting off the
> > alarm. You might find it easier to protect the master keys with a
> > (volatile) passphrase and rely on adequate protection of the
> > passphrase. (You might also consider looking up "secret sharing"
> > "threshold system").
> I'm not really sure where you're going with this volatile pass-phrase.
> Both gbde and geli (AFAIK) don't save the pass-phrase on the disc. So
> they are by definition volatile. If some burglar were to steal the
> computer it most likely would be cut off from power. This way the discs
> would be "cold" and the information safe. The bigger risk would be the
> burglar copying the information.
> Or am I missing the point here?

Think about one-time passwords.


Actually, Microsoft is sort of a mixture between the Borg and the Ferengi. Alexander @
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7