On Thu, 29 Oct 2015 16:24:00 -0700, John-Mark Gurney wrote:
> Lyndon Nerenberg wrote this message on Mon, Oct 26, 2015 at 19:06 -0700:
> > On Oct 24, 2015, at 12:06 PM, John-Mark Gurney wrote:
> >
> > > The thing I like most about encryption is that when I RMA a bad
> > > drive, I don't have
Lyndon Nerenberg wrote this message on Mon, Oct 26, 2015 at 19:06 -0700:
> On Oct 24, 2015, at 12:06 PM, John-Mark Gurney wrote:
>
> > The thing I like most about encryption is that when I RMA a bad
> > drive, I don't have to worry about my data leaking if I am unable
> > to overwrite all the dat
Lyndon Nerenberg wrote:
> On Oct 24, 2015, at 12:06 PM, John-Mark Gurney wrote:
>> The thing I like most about encryption is that when I RMA a bad
>> drive, I don't have to worry about my data leaking if I am unable
>> to overwrite all the data...
> You are optimistic if you believe that. We ($W
On Oct 24, 2015, at 12:06 PM, John-Mark Gurney wrote:
> The thing I like most about encryption is that when I RMA a bad
> drive, I don't have to worry about my data leaking if I am unable
> to overwrite all the data...
You are optimistic if you believe that. We ($WORK) factor the cost of
DOA/
Julian H. Stacey wrote this message on Sat, Oct 24, 2015 at 17:58 +0200:
> > >If you want a secure filesystem I think that at this particular time
> > >it would be entirely reasonable to use both gbde and geli stacked on
> > >top of each other[...]
>
> I've often wondered if multiple encryption (C
For what's worth we are using modded GBDE in one of the products to provide
copy protection for the firmware and encryption of user's data. GELI is
nice, but it's way much more end-user oriented. Also GBDE code is very
stable, which may look bad from somebody using it to protect his pr0n
collection
> >If you want a secure filesystem I think that at this particular time
> >it would be entirely reasonable to use both gbde and geli stacked on
> >top of each other[...]
I've often wondered if multiple encryption (CPU permitting) is sensible in
case one day some method is cracked but another stay
In message <20151023192353.ga95...@cons.org>, Martin Cracauer writes:
>If you want a secure filesystem I think that at this particular time
>it would be entirely reasonable to use both gbde and geli stacked on
>top of each other[...]
Nobody is going to break through the GELI or GBDE cryp
If I can open the soapbox for a moment.
If you want a secure filesystem I think that at this particular time
it would be entirely reasonable to use both gbde and geli stacked on
top of each other, assuming you have CPU/battery to spare. (there
should be enough cores but the battery might be unhap
On 10/20/2015 01:27, Poul-Henning Kamp wrote:
In message
, NGie
Cooper writes:
1. Why are there 2 competing technologies?
They are not competing, they support two very different threat models.
We need to make this a lot more clear in the Handbook. John-Mark is
taking the charge h
>From p...@phk.freebsd.dk Tue Oct 20 10:08:55 2015
>
>>Am I correct that the papers are from 2003 and 2004
>>respectively. Has much changed in gbde since then?
>
>Nope.
One thing that puzzled me about the way gbde
is integrated with the FreeBSD boot sequence is
that it's not possible to boot witho
In message <201510200841.t9k8fngy005...@mech-as222.men.bris.ac.uk>, Anton
Shterenlikht writes:
>Am I correct that the papers are from 2003 and 2004
>respectively. Has much changed in gbde since then?
Nope.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
p...@freebsd.org
>> In message <201510200645.t9k6jaam004...@mech-as222.men.bris.ac.uk>, Anton
>> Shterenlikht writes:
GBDE is for when the user is in danger.
>>>
>>> In danger of what?
>>> Please elaborate.
>>
>> Read the paper:
>>
>> http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
>>
>> Or use t
In message <5625d422.4040...@fizk.net>, Yonas Yanfa writes:
>> Think human rights activists for instance.
>
>Couldn't they use a fake email address and Tor to communicate
>anonymously? I'd be surprised if they aren't already.
If you think being a human rights activist is that simple, yo
> On Oct 20, 2015, at 00:29, Poul-Henning Kamp wrote:
>
>
> In message <201510200645.t9k6jaam004...@mech-as222.men.bris.ac.uk>, Anton
> Shterenlikht writes:
>>> GBDE is for when the user is in danger.
>>
>> In danger of what?
>> Please elaborate.
>
> Read the paper:
>
> http:/
>GBDE is for when the user is in danger.
In danger of what?
Please elaborate.
>From the handbook, it is not clear at all
that the two encryption methods are designed
to defend against different threats.
Maybe I'm using the wrong one...
Thank you
Anton
__
In message <201510200645.t9k6jaam004...@mech-as222.men.bris.ac.uk>, Anton
Shterenlikht writes:
>>GBDE is for when the user is in danger.
>
>In danger of what?
>Please elaborate.
Read the paper:
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
Or use the TL;DR version in the
In message
, NGie
Cooper writes:
>1. Why are there 2 competing technologies?
They are not competing, they support two very different threat models.
>3. Is there a gain/loss for removing gbde?
Yes, you alienate a lot of users who very often are not even in a
position to tell you they
In message <20151019234855.4ed82...@gumby.homeunix.com>, RW writes:
>I certainly wouldn't like to see gbde removed but I think it is
>unfortunate that it's given slightly greater prominence in the handbook
>than geli. geli is the right choice for most people.
This I fully agree with.
GE
On Mon, 19 Oct 2015, John-Mark Gurney wrote:
Ed Maste wrote this message on Mon, Oct 19, 2015 at 17:13 -0400:
On 19 October 2015 at 16:50, John-Mark Gurney wrote:
O. Hartmann wrote this message on Mon, Oct 19, 2015 at 06:19 +0200:
For me, I'd like to know what is the benefit/performance of e
Hi Martin, thanks, that raises some interesting points. After reading PHK's
paper on GBDE, I can see enough differences between GDBE and GELI that
warrant keeping GDBE.
[ At this point for me, this part is theoretical, but it's still
interesting ] I've seen the concerned made a few times that we n
On Mon, Oct 19, 2015 at 4:44 PM, Martin Cracauer wrote:
> Yonas Yanfa wrote on Sun, Oct 18, 2015 at 06:36:19AM -0400:
>>
>> Is there any objection to removing gbde? How many people use gbde? When
>> have you used gbde over geli, and why?
>
> You would exclude all current users from accessing their
Yonas Yanfa wrote on Sun, Oct 18, 2015 at 06:36:19AM -0400:
>
> Is there any objection to removing gbde? How many people use gbde? When
> have you used gbde over geli, and why?
You would exclude all current users from accessing their existing
filesystems or whatever they put into that block dev
On Mon, 19 Oct 2015 06:19:30 +0200
O. Hartmann wrote:
> When I looked for FreeBSD's encryption, I stopped by GELI. Because of
> it's easy-to-use AND the 'experimental' tag in the handbook!
>
> For me, I'd like to know what is the benefit/performance of each
> technique and a clear preparation o
Ed Maste wrote this message on Mon, Oct 19, 2015 at 17:13 -0400:
> On 19 October 2015 at 16:50, John-Mark Gurney wrote:
> > O. Hartmann wrote this message on Mon, Oct 19, 2015 at 06:19 +0200:
> >> For me, I'd like to know what is the benefit/performance of each technique
> >> and
> >> a clear pre
Slawa Olhovchenkov wrote:
> On Mon, Oct 19, 2015 at 01:52:05AM -0700, Perry Hutchison wrote:
>
> > Anton Shterenlikht wrote:
> >
> > > I use gbde.
> > > Can switch to geli, if required,
> > > but please provide detailed instructions
> > > for switching before removing gbde.
> >
> > Such instruc
On 19 October 2015 at 16:50, John-Mark Gurney wrote:
> O. Hartmann wrote this message on Mon, Oct 19, 2015 at 06:19 +0200:
>> For me, I'd like to know what is the benefit/performance of each technique
>> and
>> a clear preparation of each ones advantages over the other. That would make
>> the
>>
Hi, Reference:
> From: John-Mark Gurney
> Date: Mon, 19 Oct 2015 13:50:08 -0700
John-Mark Gurney wrote:
> So, one thing that the docs talk about is that geli uses the crypto(9)
Interesting.
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
Could ben
O. Hartmann wrote this message on Mon, Oct 19, 2015 at 06:19 +0200:
> For me, I'd like to know what is the benefit/performance of each technique and
> a clear preparation of each ones advantages over the other. That would make
> the
> decission process much easier and hopefully would not scare peo
On Mon, Oct 19, 2015 at 01:52:05AM -0700, Perry Hutchison wrote:
> Anton Shterenlikht wrote:
>
> > I use gbde.
> > Can switch to geli, if required,
> > but please provide detailed instructions
> > for switching before removing gbde.
>
> Such instructions would presumably be included in the UPDA
Anton Shterenlikht wrote:
> I use gbde.
> Can switch to geli, if required,
> but please provide detailed instructions
> for switching before removing gbde.
Such instructions would presumably be included in the UPDATING
entry.
An additional consideration: If there is no convert-in-place
mechani
I use gbde.
Can switch to geli, if required,
but please provide detailed instructions
for switching before removing gbde.
Anton
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send a
On Mon, 19 Oct 2015 01:29:36 +0200
"Julian H. Stacey" wrote:
>
> Yonas Yanfa wrote:
> > Hi,
> >
> > It seems geli is the standard way of encrypting disks. It's extremely
> > flexible and usually recommended by the community over gbde. Moreover,
> > geli is mentioned a lot more in the mailing
Yonas Yanfa wrote:
> Hi,
>
> It seems geli is the standard way of encrypting disks. It's extremely
> flexible and usually recommended by the community over gbde. Moreover,
> geli is mentioned a lot more in the mailing lists and forums.
& global community uses DOS-FS more, & mentions MS more th
In message <5623846b.6000...@freebsd.org>, Allan Jude writes:
>While I think it isn't a bad idea to put GELI first in the handbook, I
>don't see any reason to remove gdbe.
I don't see any reason to remove gbde, and would consider any such
suggestion somewhat suspect, given the set of use
On 2015-10-18 06:36, Yonas Yanfa wrote:
> Hi,
>
> It seems geli is the standard way of encrypting disks. It's extremely
> flexible and usually recommended by the community over gbde. Moreover,
> geli is mentioned a lot more in the mailing lists and forums.
>
> gbde's man page explicitly says that
36 matches
Mail list logo