Re: GELI - disk encryption GEOM class committed.

From: Poul-Henning Kamp <phk_at_phk.freebsd.dk>
Date: Fri, 29 Jul 2005 08:31:17 +0200
In message <42E981B9.5060500_at_datacomm.ch>, Benjamin Lutz writes:

>Encryption Strength:
>  GBDE - Uses AES128 for data encryption, with a different key per
>         sector. Master key is encrypted using AES256 and stored on
>         4 random locations on the disk. Access key is SHA2/512bit
>         hashed.

Just a clarification:

GBDE uses PRNG one-time-use per sector keys.

>Speed:
>  GBDE - Runs in software.

I actually have a version which uses crypto(9) hardware but the gain
is a lot less than one would expect so I haven't completed it yet.

>Booting from Encrypted Root:
>  GBDE - Doesn't say, probably doesn't work

Correct, doesn't work without some special handling.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk_at_FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Fri Jul 29 2005 - 04:31:20 UTC
