On 28/04/2011, Kevin Chadwick <[email protected]> wrote:
> On Wed, 27 Apr 2011 18:56:57 -0400
> Kraktus wrote:
>
>> So, I think OpenBSD tops the list of operating systems that "just
>> work". The only thing I really wish for is more encryption options for
>> softraid.
>
> And more people using OpenBSD, so the data I send to them is more
> secure. :-)

And so I don't have to spend so much time repairing other people's computers, or having to feel so insecure when borrowing others' computers. Imagine walking into a library, signing up to use a computer, and being greeted by a friendly OpenBSD login screen. Or even a FreeBSD one. Or even a Linux one. Or just something that isn't Windows. But of course, that's just a dream.

Which is why it would really be nice to have cross-platform block-level software encryption. Sometimes it is necessary to use a computer you don't have control over, and be able to access at least some of your data from that computer. Multi-booting is also sometimes unavoidable, e.g. if your employer requires you to use Photoshop, you really want to learn a foreign language with commercial software, or whatever the situation is.

I've been looking into hardware solutions recently. A few examples:

http://www.addonics.com/products/diamond_cipher/
http://www.addonics.com/products/cipher/CCEXA256.asp
Hitachi's full disk encryption for laptop drives (really hard to find; manufacturers advertise the encrypted drive, but when it arrives in the mail, it turns out to be the unencrypted, freely-exportable version)

The first would help for moving encrypted data between different computers running different operating systems; the second and third would help for encrypting a multi-boot computer but still allowing the different OSes to read each others' file systems.

Unfortunately, there are some obvious weaknesses. In many ways, the Addonics key, being on a physical medium, has many of the same vulnerabilities as your house key. Unless you can shell out a grand to be able to generate and replicate your own keys, or reverse engineer the formatting so you can do it from OpenBSD, you're stuck letting them generate the key and make the copies. Unlike a password stored in your memory, it can be lost/stolen.
(Of course, your memory might have limits on how strong a password you can remember, so the ideal would be to require both a strong key stored on a physical medium, *and* a user-remembered password, which could be accomplished either by encrypting the key with the password, or else by layering a physical-key based encryption and a password-based encryption.) It's probably either ECB or CBC, neither of which is particularly impressive.

As for the Hitachi encryption, the length of the password is severely limited by your BIOS. In fact, your BIOS might not even let you enter a password.

Also, every hardware-based encryption system I've seen is either AES or something even older and weaker, so if you want Twofish or Threefish, you can only get that from software, so far as I know.
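
The first option mentioned in the message above (encrypting the key on the physical medium with a remembered password) can be sketched as follows. This is an added example, not part of the original post and not code from Addonics, Hitachi or OpenBSD. The function names, blob layout and iteration count are assumptions, and to stay within the Python standard library it wraps the key with a PBKDF2-derived one-time pad plus an HMAC tag rather than an AES key-wrap mode.

```python
import hashlib
import hmac
import os

SALT_LEN, KEY_LEN, TAG_LEN = 16, 32, 32
ITERATIONS = 200_000  # assumed work factor; raise it as far as the hardware allows


def _derive(password: str, salt: bytes, iterations: int):
    """Stretch the remembered password into a 32-byte pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=KEY_LEN + TAG_LEN)
    return okm[:KEY_LEN], okm[KEY_LEN:]


def wrap_key(disk_key: bytes, password: str, iterations: int = ITERATIONS) -> bytes:
    """Return the blob to store on the physical token: salt || wrapped key || tag."""
    if len(disk_key) != KEY_LEN:
        raise ValueError("disk key must be 32 bytes")
    salt = os.urandom(SALT_LEN)  # fresh salt per wrap, so a pad is never reused
    pad, mac_key = _derive(password, salt, iterations)
    wrapped = bytes(k ^ p for k, p in zip(disk_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def unwrap_key(blob: bytes, password: str, iterations: int = ITERATIONS) -> bytes:
    """Recover the disk key; needs both the token blob and the password."""
    if len(blob) != SALT_LEN + KEY_LEN + TAG_LEN:
        raise ValueError("malformed token blob")
    salt = blob[:SALT_LEN]
    wrapped = blob[SALT_LEN:SALT_LEN + KEY_LEN]
    tag = blob[SALT_LEN + KEY_LEN:]
    pad, mac_key = _derive(password, salt, iterations)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("wrong password or modified token")
    return bytes(w ^ p for w, p in zip(wrapped, pad))


if __name__ == "__main__":
    disk_key = os.urandom(KEY_LEN)  # constructed sample key
    blob = wrap_key(disk_key, "correct horse battery staple")
    assert unwrap_key(blob, "correct horse battery staple") == disk_key
    print("token blob:", blob.hex())
```

With this layout a lost or stolen token no longer exposes the disk key directly, but the tag still lets whoever holds the token test password guesses offline, so the password and the work factor both matter.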

