Re: Depreciate and remove gbde

2015-10-29 Thread Jeffrey Bouquet
On Thu, 29 Oct 2015 16:24:00 -0700, John-Mark Gurney wrote: > Lyndon Nerenberg wrote this message on Mon, Oct 26, 2015 at 19:06 -0700: > > On Oct 24, 2015, at 12:06 PM, John-Mark Gurney wrote: > > > > > The thing I like most about encryption is that when

Re: Depreciate and remove gbde

2015-10-29 Thread John-Mark Gurney
Lyndon Nerenberg wrote this message on Mon, Oct 26, 2015 at 19:06 -0700: > On Oct 24, 2015, at 12:06 PM, John-Mark Gurney wrote: > > > The thing I like most about encryption is that when I RMA a bad > > drive, I don't have to worry about my data leaking if I am unable > > to

Re: Depreciate and remove gbde

2015-10-27 Thread Felix Kronlage
Lyndon Nerenberg wrote: > On Oct 24, 2015, at 12:06 PM, John-Mark Gurney wrote: >> The thing I like most about encryption is that when I RMA a bad >> drive, I don't have to worry about my data leaking if I am unable >> to overwrite all the data... > You are optimistic if you

Re: Depreciate and remove gbde

2015-10-26 Thread Lyndon Nerenberg
On Oct 24, 2015, at 12:06 PM, John-Mark Gurney wrote: > The thing I like most about encryption is that when I RMA a bad > drive, I don't have to worry about my data leaking if I am unable > to overwrite all the data... You are optimistic if you believe that. We ($WORK)

Re: Depreciate and remove gbde

2015-10-24 Thread Julian H. Stacey
> >If you want a secure filesystem I think that at this particular time > >it would be entirely reasonable to use both gbde and geli stacked on > >top of each other[...] I've often wondered if multiple encryption (CPU permitting) is sensible in case one day some method is cracked but another

Re: Depreciate and remove gbde

2015-10-24 Thread Maxim Sobolev
For what's worth we are using modded GBDE in one of the products to provide copy protection for the firmware and encryption of user's data. GELI is nice, but it's way much more end-user oriented. Also GBDE code is very stable, which may look bad from somebody using it to protect his pr0n

Re: Depreciate and remove gbde

2015-10-24 Thread John-Mark Gurney
Julian H. Stacey wrote this message on Sat, Oct 24, 2015 at 17:58 +0200: > > >If you want a secure filesystem I think that at this particular time > > >it would be entirely reasonable to use both gbde and geli stacked on > > >top of each other[...] > > I've often wondered if multiple encryption

Re: Depreciate and remove gbde

2015-10-23 Thread Poul-Henning Kamp
In message <20151023192353.ga95...@cons.org>, Martin Cracauer writes: >If you want a secure filesystem I think that at this particular time >it would be entirely reasonable to use both gbde and geli stacked on >top of each other[...] Nobody is going to break through the GELI or GBDE

Re: Depreciate and remove gbde

2015-10-23 Thread Martin Cracauer
If I can open the soapbox for a moment. If you want a secure filesystem I think that at this particular time it would be entirely reasonable to use both gbde and geli stacked on top of each other, assuming you have CPU/battery to spare. (there should be enough cores but the battery might be

Re: Depreciate and remove gbde

2015-10-20 Thread Anton Shterenlikht
>GBDE is for when the user is in danger. In danger of what? Please elaborate. >From the handbook, it is not clear at all that the two encryption methods are designed to defend against different threats. Maybe I'm using the wrong one... Thank you Anton

Re: Depreciate and remove gbde

2015-10-20 Thread NGie Cooper
> On Oct 20, 2015, at 00:29, Poul-Henning Kamp wrote: > > > In message <201510200645.t9k6jaam004...@mech-as222.men.bris.ac.uk>, Anton > Shterenlikht writes: >>> GBDE is for when the user is in danger. >> >> In danger of what? >> Please elaborate. > > Read the

Re: Depreciate and remove gbde

2015-10-20 Thread Poul-Henning Kamp
In message <5625d422.4040...@fizk.net>, Yonas Yanfa writes: >> Think human rights activists for instance. > >Couldn't they use a fake email address and Tor to communicate >anonymously? I'd be surprised if they aren't already. If you think being a human rights activist is that simple,

Re: Depreciate and remove gbde

2015-10-20 Thread Poul-Henning Kamp
In message <201510200841.t9k8fngy005...@mech-as222.men.bris.ac.uk>, Anton Shterenlikht writes: >Am I correct that the papers are from 2003 and 2004 >respectively. Has much changed in gbde since then? Nope. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 p...@freebsd.org

Re: Depreciate and remove gbde

2015-10-20 Thread Anton Shterenlikht
>From p...@phk.freebsd.dk Tue Oct 20 10:08:55 2015 > >>Am I correct that the papers are from 2003 and 2004 >>respectively. Has much changed in gbde since then? > >Nope. One thing that puzzled me about the way gbde is integrated with the FreeBSD boot sequence is that it's not possible to boot

Re: Depreciate and remove gbde

2015-10-20 Thread Anton Shterenlikht
>> In message <201510200645.t9k6jaam004...@mech-as222.men.bris.ac.uk>, Anton >> Shterenlikht writes: GBDE is for when the user is in danger. >>> >>> In danger of what? >>> Please elaborate. >> >> Read the paper: >> >> http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf >> >> Or use

Re: Depreciate and remove gbde

2015-10-20 Thread Yonas Yanfa
On 10/20/2015 01:27, Poul-Henning Kamp wrote: In message , NGie Cooper writes: 1. Why are there 2 competing technologies? They are not competing, they support two very different threat models. We need to make

Re: Depreciate and remove gbde

2015-10-20 Thread Poul-Henning Kamp
In message <201510200645.t9k6jaam004...@mech-as222.men.bris.ac.uk>, Anton Shterenlikht writes: >>GBDE is for when the user is in danger. > >In danger of what? >Please elaborate. Read the paper: http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf Or use the TL;DR version in the

Re: Depreciate and remove gbde

2015-10-19 Thread Anton Shterenlikht
I use gbde. Can switch to geli, if required, but please provide detailed instructions for switching before removing gbde. Anton ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send

Re: Depreciate and remove gbde

2015-10-19 Thread Slawa Olhovchenkov
On Mon, Oct 19, 2015 at 01:52:05AM -0700, Perry Hutchison wrote: > Anton Shterenlikht wrote: > > > I use gbde. > > Can switch to geli, if required, > > but please provide detailed instructions > > for switching before removing gbde. > > Such instructions would presumably be

Re: Depreciate and remove gbde

2015-10-19 Thread Perry Hutchison
Anton Shterenlikht wrote: > I use gbde. > Can switch to geli, if required, > but please provide detailed instructions > for switching before removing gbde. Such instructions would presumably be included in the UPDATING entry. An additional consideration: If there is no

Re: Depreciate and remove gbde

2015-10-19 Thread Julian H. Stacey
Slawa Olhovchenkov wrote: > On Mon, Oct 19, 2015 at 01:52:05AM -0700, Perry Hutchison wrote: > > > Anton Shterenlikht wrote: > > > > > I use gbde. > > > Can switch to geli, if required, > > > but please provide detailed instructions > > > for switching before removing gbde. >

Re: Depreciate and remove gbde

2015-10-19 Thread Ed Maste
On 19 October 2015 at 16:50, John-Mark Gurney wrote: > O. Hartmann wrote this message on Mon, Oct 19, 2015 at 06:19 +0200: >> For me, I'd like to know what is the benefit/performance of each technique >> and >> a clear preparation of each ones advantages over the other. That

Re: Depreciate and remove gbde

2015-10-19 Thread Julian H. Stacey
Hi, Reference: > From: John-Mark Gurney > Date: Mon, 19 Oct 2015 13:50:08 -0700 John-Mark Gurney wrote: > So, one thing that the docs talk about is that geli uses the crypto(9) Interesting.

Re: Depreciate and remove gbde

2015-10-19 Thread John-Mark Gurney
O. Hartmann wrote this message on Mon, Oct 19, 2015 at 06:19 +0200: > For me, I'd like to know what is the benefit/performance of each technique and > a clear preparation of each ones advantages over the other. That would make > the > decission process much easier and hopefully would not scare

Re: Depreciate and remove gbde

2015-10-19 Thread Yonas Yanfa
Hi Martin, thanks, that raises some interesting points. After reading PHK's paper on GBDE, I can see enough differences between GDBE and GELI that warrant keeping GDBE. [ At this point for me, this part is theoretical, but it's still interesting ] I've seen the concerned made a few times that we

Re: Depreciate and remove gbde

2015-10-19 Thread Martin Cracauer
Yonas Yanfa wrote on Sun, Oct 18, 2015 at 06:36:19AM -0400: > > Is there any objection to removing gbde? How many people use gbde? When > have you used gbde over geli, and why? You would exclude all current users from accessing their existing filesystems or whatever they put into that block

Re: Depreciate and remove gbde

2015-10-19 Thread RW
On Mon, 19 Oct 2015 06:19:30 +0200 O. Hartmann wrote: > When I looked for FreeBSD's encryption, I stopped by GELI. Because of > it's easy-to-use AND the 'experimental' tag in the handbook! > > For me, I'd like to know what is the benefit/performance of each > technique and a clear preparation

Re: Depreciate and remove gbde

2015-10-19 Thread NGie Cooper
On Mon, Oct 19, 2015 at 4:44 PM, Martin Cracauer wrote: > Yonas Yanfa wrote on Sun, Oct 18, 2015 at 06:36:19AM -0400: >> >> Is there any objection to removing gbde? How many people use gbde? When >> have you used gbde over geli, and why? > > You would exclude all current users

Re: Depreciate and remove gbde

2015-10-19 Thread John-Mark Gurney
Ed Maste wrote this message on Mon, Oct 19, 2015 at 17:13 -0400: > On 19 October 2015 at 16:50, John-Mark Gurney wrote: > > O. Hartmann wrote this message on Mon, Oct 19, 2015 at 06:19 +0200: > >> For me, I'd like to know what is the benefit/performance of each technique > >>

Re: Depreciate and remove gbde

2015-10-19 Thread Poul-Henning Kamp
In message , NGie Cooper writes: >1. Why are there 2 competing technologies? They are not competing, they support two very different threat models. >3. Is there a gain/loss for removing gbde? Yes, you alienate a lot

Re: Depreciate and remove gbde

2015-10-19 Thread Warren Block
On Mon, 19 Oct 2015, John-Mark Gurney wrote: Ed Maste wrote this message on Mon, Oct 19, 2015 at 17:13 -0400: On 19 October 2015 at 16:50, John-Mark Gurney wrote: O. Hartmann wrote this message on Mon, Oct 19, 2015 at 06:19 +0200: For me, I'd like to know what is the

Re: Depreciate and remove gbde

2015-10-19 Thread Poul-Henning Kamp
In message <20151019234855.4ed82...@gumby.homeunix.com>, RW writes: >I certainly wouldn't like to see gbde removed but I think it is >unfortunate that it's given slightly greater prominence in the handbook >than geli. geli is the right choice for most people. This I fully agree with.

Re: Depreciate and remove gbde

2015-10-18 Thread Julian H. Stacey
Yonas Yanfa wrote: > Hi, > > It seems geli is the standard way of encrypting disks. It's extremely > flexible and usually recommended by the community over gbde. Moreover, > geli is mentioned a lot more in the mailing lists and forums. & global community uses DOS-FS more, & mentions MS more

Re: Depreciate and remove gbde

2015-10-18 Thread O. Hartmann
On Mon, 19 Oct 2015 01:29:36 +0200 "Julian H. Stacey" wrote: > > Yonas Yanfa wrote: > > Hi, > > > > It seems geli is the standard way of encrypting disks. It's extremely > > flexible and usually recommended by the community over gbde. Moreover, > > geli is mentioned a lot

Re: Depreciate and remove gbde

2015-10-18 Thread Allan Jude
On 2015-10-18 06:36, Yonas Yanfa wrote: > Hi, > > It seems geli is the standard way of encrypting disks. It's extremely > flexible and usually recommended by the community over gbde. Moreover, > geli is mentioned a lot more in the mailing lists and forums. > > gbde's man page explicitly says

Re: Depreciate and remove gbde

2015-10-18 Thread Poul-Henning Kamp
In message <5623846b.6000...@freebsd.org>, Allan Jude writes: >While I think it isn't a bad idea to put GELI first in the handbook, I >don't see any reason to remove gdbe. I don't see any reason to remove gbde, and would consider any such suggestion somewhat suspect, given the set of