GELI - disk encryption GEOM class committed.

From: Pawel Jakub Dawidek <pjd_at_FreeBSD.org>
Date: Thu, 28 Jul 2005 22:54:13 +0200
Hi.

Few months ago I started work on another (besides GBDE) disk encryption
GEOM class.

To don't confuse users I'll say it here and now:

GELI is different than GBDE. It offers different features, but it also
use different scheme for doing crypto work.

It doesn't mean GBDE is broken!
It doesn't mean GBDE should not be used anymore (I still use it by myself)!
It is different and user should decide which one fits better his needs.

Anyway.

Below is the list of most important features offered by geli(8):

- Utilize the crypto(9) framework, so when there is a crypto hardware
  available, geli(8) will make use of it automatically.
  If cryptography needs to be done in software, a dedicated kernel
  thread(s) will be started to do the crypto work in there.
- Supports many cryptographic algorithms (currently AES, Blowfish
  and 3DES).
- Can create a key from a couple of components (user entered passphrase,
  random bits from a file, etc.).
- Allows to encrypt root partition - user will be asked for the passphrase
  before root file system is mounted.
- User's passphrase is strengthen with: B. Kaliski, PKCS #5:
  Password-Based Cryptography Specification, Version 2.0., RFC, 2898.
- Allows to use two independent keys (e.g.  "user key" and "company key").
- It is fast - geli performs simple sector-to-sector encryption.
- Allows to backup/restore Master Keys, so when user have to quickly
  destroy keys, it is able to get the data back by restoring keys from
  the backup.
- Provider can be configured to automatically detach on last close (so user
  don't have to remember to detach provider after unmounting file system).
- Allows to attach provider with a random, one-time keys - useful for swap
  partitions and temporary file systems.
- Allows to automatically detach provider on last close.
- Allows to overwrites on-disk keys with random data (when destroying
  them). One can define how many times.
- You can define number of threads which are going to do software
  crypto work (useful for SMP systems).

Things you need to know about geli(8).

GELI (simlar to GBDE) offers privacy only - there is no data integrity
verification, so when your disk/laptop will be stolen your data should be
safe, but if someone can modify your encrypted data behind your back,
geli is not going to detect these changes.

GELI uses block-unique IVs, which means, every data block (sector) has
a unique IV, which will not be changed when new data is written to the
disk. This means, that if someone can sniff your disk traffic somehow or
is able to get snapshots from your disk you could not be safe.
IVs used by GELI are secret, which should help here a bit, but you still
need to be careful.

GELI uses one key to encrypt all the data, so when you have multi-terabyte
storage, you should probably use AES-256 - AES-128 could not be enough.

You have been warned. Enjoy!

PS. GELI was sponsored by Wheel Sp. z o.o. (http://www.wheel.pl).

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd_at_FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

Received on Thu Jul 28 2005 - 18:54:17 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:40 UTC