> >If you want a secure filesystem I think that at this particular time
> >it would be entirely reasonable to use both gbde and geli stacked on
> >top of each other[...]

I've often wondered if multiple encryption (CPU permitting) is sensible
in case one day some method is cracked but another stays secure.
There's been recent discussions on cracking algorithms at
http://lists.gnupg.org/pipermail/gnupg-users/2015-October/054586.html

I see man geli has:
    Supports many cryptographic algorithms (currently AES-XTS, AES-CBC,
    Blowfish-CBC, Camellia-CBC and 3DES-CBC).
NAME section of man 1 gbde & geli both ref. GEOM.
Skimming man 1 4 8 gbde geom I'm not sure how gbde compares.

> Nobody is going to break through the GELI or GBDE crypto, they'll
> find their way to the keys instead, or more likely, jail you until
> you sing.

Yes, if 'they' are physically present government, criminals etc.

Encryption (& perhaps multiple encryption) is nice against eg
 - sneak thieves/ industrial spies/ remote hostile governments,
 - where one must sometimes share root with others.
 - scanners remote or local
   (Scanners could be hidden in BLOBs. Anyone else worry how many
   binary BLOBs are in FreeBSD, especially ports/ ? I started a list
   a couple of years back, got scared how many, then stopped after I
   realised a list was not maintainable & better to add a BLOB_HAZARD=
   label to ports Makefiles, but no one seemed interested ).
 - Casual physical loss:
   - My brother's USB stick fell off its plastic retainer to key ring,
     picture: http://www.conrad.de/ce/de/product/417197/
   - Small shiny USB sticks on desk could be attractive like jewellery
     to birds such as magpies (`Elster' fly here, I stopped one
     thieving a shiny foil wrapped bar, a lot heavier & bigger than a
     USB stick).

My data is long encrypted, I'll buy phk_at_ a beer if we meet somewhere :-)

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys. Eng. Consultant Munich http://berklix.com
 Reply After previous text to preserve context, as in a play script.
 Indent previous text with >  Insert new lines before 80 chars.
 Use plain text, Not quoted-printable, Not HTML, Not base64, Not MS.doc.

Received on Sat Oct 24 2015 - 13:59:50 UTC