On Tue, 4 Dec 2007 17:04:23 -0700 Chad Perrin <[EMAIL PROTECTED]> wrote:
> I've read reports to the effect that GBDE is vulnerable to online > dictionary attacks unless two-factor authentication is used. The only > such report I can find now is this discussion of NetBSD's CGD, where > its author contrasts it with GBDE: > > http://www.onlamp.com/lpt/a/6384 > > Is this still the case? Are there any other security concerns > related to GBDE's implementation that you might mention? How well > does GELI stack up against GBDE? > I think it's this: http://mail-index.netbsd.org/tech-security/2005/03/02/0003.html I don't know much about the internals of GBDE, but if we take his description of it at face value, it seems to be fair criticism. I think it's actually saying that GBDE assumes the user will provide enough user-key entropy, and doesn't do anything to mitigate the use of weaker passphrases. Geli uses salt and PKCS #5 so it's pretty much blameless in this area. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"