My laptop (Thinkpad T41p) and I are going to be doing a lot of
travelling in the next year, so I'm investigating how to
(cryptographically) improve my security in case of loss/theft/seizure.
Right now I use cfs (ports) for a few "sensitive" subdirectories, but
95+% of my /home is still cleartext to anyone with physical access to
the laptop.  The same applies for my external backup disks.

I'm considering putting all of /home under svnd encryption
(still keeping cfs on top for "sensitive" subdirectories), and I have
some questions (see below).  I have RTFM'd svnd(4), vnconfig(8), and
mount_vnd(8), and googled my way to some useful web pages, notably
  http://www.xs4all.nl/~hanb/documents/OpenBSDEncryptedFilesystemHOWTO.html
  http://mareichelt.de/pub/notmine/linuxbsd-comparison.html
  http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto
(Some of these web pages seem to be a bit old, e.g. complaining about
the now-fixed dictionary-attack vulnerability.)

As I understand it, the basic procedure for using svnd is this (starting
with a brand-new-from-the-computer-store disk sd0, and with steps numbered
for later reference):
[1] # fdisk sd0                 ... create single msdos-partition
[2] # disklabel sd0             ... create single openbsd-partition "a"
[3] # newfs /dev/sd0a
[4] # mount -o softdep /dev/sd0a /mnt
[5] # dd if=/dev/arandom bs=1m of=/mnt/imagefile count=...
[6] # vnconfig -vck -K 100000 -S /var/saltfile svnd0 /mnt/imagefile
[7] # disklabel svnd0           ... create encrypted openbsd-partition "a"
[8] # newfs /dev/svnd0a
[9] # mount -o rw,nodev,nosuid,softdep -t ffs /dev/svnd0a /home

Now my questions:
1. Are there other Fine Manuals (relevant to svnd) I should Read
   besides the ones I listed above?
2. Where (besides the source code) can I find the svnd encryption
   algorithm documented?  This would help me research the answer to
   the next question...
3. What are the error propagation properties of the svnd encryption?
   That is, for example, if a disk/USB/memory error corrupts a single
   512-byte block in the middle of /dev/sd0a, will that show up as
   512 bytes of corruption in /dev/svnd0c, or will the entire
   /dev/svnd0c be corrupted from that point onwards?
4. Is there any upper size limit to the size of an encrypted image
   apart from the kernel 8TB limit and fsck time and memory usage?
   For example, is there any problem with using the above on (say) a
   250GB disk?
5. Is there any problem with using softdep in steps [4] and [9]?
6. Are there any special newfs parameters needed for either the underlying
   filesystem (step [3]) or the encrypted one (step [8])?  The underlying
   filesystem will only hold a single huge 'imagefile', whose size won't
   change after initial creation (step [5]), so I could imagine saving
   a bit of disk space by configuring very few inodes.  What about the
   FFS/FFS2 minimum free space threshold (newfs -m) -- with the imagefile
   preallocated (step [5]), is there any benefit to a nonzero minimum
   free space threshold?
7. How worried should I be about bug kernel/5709 "rapidly creating many
   small files on crypted svnd locks box", which as of a few minutes
   ago was/is shown as in state "open"?

ciao,

-- 
-- "Jonathan Thornburg [remove -animal to reply]" <[EMAIL PROTECTED]>
   t <= 31.Aug.2008: School of Mathematics, U of Southampton, England
   t >   1.Sep.2008: Dept of Astronomy, Indiana University, Bloomington, USA
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam
