On Tue, 2008-03-25 at 09:32 -0700, Grant wrote: > > > > On a notebook, there isn't an OS in existence that is immune to a > > > > LiveCD. > > > > > > Linux is. In the sense that you can't get at the data if the disc is > > > encrypted, even not with a LiveCD. You can only destroy/overwrite it. > > > > Yes, I realised that when typing the original, but left it as is - too > > many IF conditionals would be needed to be accurate and English is > > almost useless at getting IFs to parse correctly :-) > > > > Passwords come from a time when users had terminals that log onto > > machines that are somewhere else and the user can't lay a finger on > > them. Things have indeed changed since 1978 > > Would the type of filesystem encryption you guys are talking about be > unsuitable for a high-traffic server because of performance > considerations? > > - Grant
I did some benchmarks recently, posted them on gentoo-security. Long story short: Even my 64bit single-core Celeron can do 256bit AES, 320bit Anubis or 256bit Twofish faster than writing data to the disk (37MB/s). Blowfish, CAST and Serpent are too slow. 128bit AES (which I deem good enough for the near future) causes around 40% CPU-utilization. Whether it is suitable for your server depends on its usage patterns.
signature.asc
Description: This is a digitally signed message part
