For whatever it is worth, if I use geli rather than gbde I get normal
(~30MB/s) performance.
I also get the same slow gbde performance on 8.1-PRERELEASE as of last night.
I've make a kernel swaping in files from 7.2 source to see if I got
any improvement.
I pulled in:
geom_dev.c (with some hacks
Sometime between FreeBSD 7.2-RELEASE-p4 and 8.0-RELEASE write
performance of gbde encrypted devices seems to have dropped
significantly. A system I have running 7.2 seems to run gbde drives
at or near the drive max rate (30-40MB/s) while I am seeing less than
10% of that on 8.0 systems.
I get
In release 8.0 is GBDE now part of the base system?
If not what is the /boot/loader.conf command to add to enable it?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any
On 3/20/10 6:29 AM, Aiza wrote:
In release 8.0 is GBDE now part of the base system?
If not what is the /boot/loader.conf command to add to enable it?
You don't have to enable it. Nothing to add to the loader.conf.
But if you want to mount the partitions during the boot:
18.16.1.2.1
Does the fixit.iso file include the GBDE application?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
For example, the editor I use normally writes to /tmp -- I changed that,
making it slower, but in the event that someone takes my laptop I want to
sleep at night.
I've no problem letting some poor person make a windoz machine out of my
laptop -- but I don't want to share my work, my intellectual
On 01/21/10 16:32, Henry Olyer wrote:
For example, the editor I use normally writes to /tmp -- I changed that,
making it slower, but in the event that someone takes my laptop I want to
sleep at night.
If you use a swap-backed memory drive (see
http://man.freebsd.org/mdconfig) for /tmp and use
On Thu, Jan 21, 2010 at 10:32:01AM -0500, Henry Olyer wrote:
For example, the editor I use normally writes to /tmp -- I changed that,
making it slower, but in the event that someone takes my laptop I want to
sleep at night.
I've no problem letting some poor person make a windoz machine out
to a
lot of things.
I develop and sometimes I'd like to use headphones and gasp!, put up a DVD
movie. Using mplayer. I made sound work. Hey, for me that was big.
Last (this time I really mean last,) I'm using GBDE. I'd like to hear
from anyone else who uses it. I have questions
I've read reports to the effect that GBDE is vulnerable to online
dictionary attacks unless two-factor authentication is used. The only
such report I can find now is this discussion of NetBSD's CGD, where its
author contrasts it with GBDE:
http://www.onlamp.com/lpt/a/6384
Is this still
On Tue, 4 Dec 2007 17:04:23 -0700
Chad Perrin [EMAIL PROTECTED] wrote:
I've read reports to the effect that GBDE is vulnerable to online
dictionary attacks unless two-factor authentication is used. The only
such report I can find now is this discussion of NetBSD's CGD, where
its author
On Wed, 21 Mar 2007 23:15:50 +0100
Roland Smith [EMAIL PROTECTED] wrote:
On Wed, Mar 21, 2007 at 06:33:19PM +, RW wrote:
How do you attach the dvd content?
# geli attach /dev/cd0
Cannot read metadata from /dev/cd0: Invalid argument.
geli attach -r /dev/cd0
Cannot read
On Sat, 24 Mar 2007 20:10:11 +0100 (CET)
Wojciech Puchar [EMAIL PROTECTED] wrote:
why there are both? what should i use to have better chance i will
be able to recover data after say 10 years knowing password?
I presume it's to do with geli using OpenSSL libraries and so
picking-up
why there are both? what should i use to have better chance i will be
able to recover data after say 10 years knowing password?
I presume it's to do with geli using OpenSSL libraries and so picking-up
hardware acceleration where available. I think gdbe is being sidelined.
i switched to geli,
On Wed, Mar 21, 2007 at 12:13:21AM +, RW wrote:
snip
i need both encrypted partition and encrypted copies/DVDs.
I'd be interested if anyone has a method for creating encrypted DVDs
that still works.
You can use a UFS filesystem on a DVD. In short:
- create an file with
On Wed, 21 Mar 2007 08:02:51 +0100
Roland Smith [EMAIL PROTECTED] wrote:
On Wed, Mar 21, 2007 at 12:13:21AM +, RW wrote:
snip
i need both encrypted partition and encrypted copies/DVDs.
I'd be interested if anyone has a method for creating encrypted
DVDs that still works.
On Wed, Mar 21, 2007 at 06:33:19PM +, RW wrote:
How do you attach the dvd content?
# geli attach /dev/cd0
Cannot read metadata from /dev/cd0: Invalid argument.
geli attach -r /dev/cd0
Cannot read metadata from /dev/cd0: Invalid argument.
I get the same error. Odd. I thought I used
what they are. both works, both works right.
geli has more options.
why there are both? what should i use to have better chance i will be able
to recover data after say 10 years knowing password?
i need both encrypted partition and encrypted copies/DVDs.
i use gbde for some time
9660 filesystem wont support a
single 4.7GB file.
It worked at the time, but recently I found that the technique no
longer works, gbde wouldn't attach the device as it's read-only. I know
the behaviour has changed, because I had the old scripts, that had
worked before. It's still possible to access
On Tue, Mar 20, 2007 at 10:36:19PM +, RW wrote:
On Tue, 20 Mar 2007 19:06:28 +0100 (CET)
Wojciech Puchar [EMAIL PROTECTED] wrote:
what they are. both works, both works right.
geli has more options.
why there are both? what should i use to have better chance i will be
able to
On Wed, 21 Mar 2007 00:15:04 +0100
Roland Smith [EMAIL PROTECTED] wrote:
On Tue, Mar 20, 2007 at 10:36:19PM +, RW wrote:
On Tue, 20 Mar 2007 19:06:28 +0100 (CET)
Wojciech Puchar [EMAIL PROTECTED] wrote:
what they are. both works, both works right.
geli has more options.
I am successfully using sshfs with my offsite backup
provider, rsync.net. I used these instructions:
http://www.rsync.net/resources/howto/freebsd_sshfs.html
and have my remote filesystem mounted locally.
I decided that I would like to create a 4 GB GBDE
image and place it on the mounted
Hi:
I want to create encrypted memory filesystems for backup, and selective
data destruction: If I have data from different users say, each user's
backup will be stored as different encrypted file systems. Then I can
selectively destroy data from one user by throwing away the key.
Now, how do I
and make a GBDE on it.
You could probably use geom_gate for it and forward the connection from the
local ggatec to the remote ggated via your ssh connection.
--
Christian Laursen
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org
the contants, so I want
to just upload a single 2gig file and make a GBDE on it.
You could probably use geom_gate for it and forward the connection from the
local ggatec to the remote ggated via your ssh connection.
Can you elaborate, or point me to a document that describes using
geom_gate ? My
to a document that describes using
geom_gate ? My only exposure to these things was with the GBDE HOWTO:
Read the man pages for ggatec and ggated.
Furthermore read the man page for ssh, especially the part about the -L
option.
--
Christian Laursen
://www.rsync.net/resources/howto/freebsd_sshfs.html
The good news is, it works great. The bad news is, I cannot create a GBDE
in the mounted sshfs. Here are the details:
When I place the backing-store-file (for my GBDE) on a mounted sshfs
(fuse) volume, it no longer works. Specifically, when I
Hello again everybody!
A few days back I got my first GBDE-device up and running.
After that I had a slight problem described
in [EMAIL PROTECTED].
I already discribed this problem in a newsgroup
(comp.unix.bsd.freebsd.misc) and didn't get much help there[1] (apart
from the adive to use geli
Ab Normal wrote:
I've installed FreeBSD 6.0-CURRENT-SNAP005 (i386) on my stand-alone home
computer, which connects to the internet via adsl.
-CURRENT is development branch of FreeBSD and may be not very stable.
Also it has many debuging options turned on (read /usr/src/UPDATING) so
you may
graphics mode.
6. Having used the vnconfig utility and the vncrypt port in FreeBSD 4.x
to create file-backed encrypted devices, I applied an analogous
procedure using mdconfig and gbde in 6.0. Although it works, processing
of the encrypted file system seems quite sluggish with gbde compared
I wrote:
1. In the past, using FreeBSD 4.9 and 4.10, I connected to my dsl
modem/router using pptpclient. With pptpclient on 6.0, however, I
noticed that download speed from the internet was very slow -- only
about 20 percent of the rate I was accustomed to. A check with top
revealed that
I've found a few placed where Poul-Henning Kamp mentions that gbde
will accept any byte string as a passphrase and that the design of
gbde also makes 2 factor authentication possible. I took that to
understand that I might be able to use a file of random data from a
usb key (something I have
On Monday 28 March 2005 17:34, Peter Schuller wrote:
Instead of destroy I use nuke.
Thanks!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL
Instead of destroy I use nuke.
Thanks!
--
/ Peter Schuller, InfiDyne Technologies HB
PGP userID: 0xE9758B7D or 'Peter Schuller [EMAIL PROTECTED]'
Key retrieval: Send an E-Mail to [EMAIL PROTECTED]
E-Mail: [EMAIL PROTECTED] Web: http://www.scode.org
Hello,
I would like to use gbde to encrypt some disks. Using an external lockfile
things work pretty much as documented (except for some options that aren't
supported
by the tool, but which are listed in the manpage). However, for this particular
situation, I do not want to use an external
Peter Schuller wrote on Saturday 26 March 2005 12:09 in the group
list.freebsd.questions:
Hello,
I would like to use gbde to encrypt some disks. Using an external lockfile
things work pretty much as documented (except for some options that aren't
supported by the tool, but which are listed
All,
Is it possible to use vinum and gbde? I read in the handbook that
they were not compatible, but saw a number of posts on the Internet
that mention an integration of the two in 5.x.
Thanks!
--Nick
___
freebsd-questions@freebsd.org mailing list
, 3010976,
3387328, 3763680,
...
Great, so now I'd like to use gbde on hgas1f.
dna# gbde init /dev/mirror/hgsas1f -L /etc/hgsas1f.lock
Enter new passphrase:
Reenter new passphrase:
dna# gbde attach mirror/hgsas1f -l /etc/hgsas1f.lock
Enter passphrase:
dna#
So everything *seems* cool
gbde: Attach to NO faile: Provider not found
Attach Failed: attempt 1 of 3.
Enter passphrase:
I dont recall if I enabled gbde. Any idea, what might have happened ?.
More importantly, can anyone tell me how to get around this and continue
with my booting sequence ? In my previous build using STABLE
gbde: Attach to NO faile: Provider not found
Attach Failed: attempt 1 of 3.
Enter passphrase:
I dont recall if I enabled gbde. Any idea, what might have happened ?.
More importantly, can anyone tell me how to get around this and continue
with my booting sequence ?
Thanks in advance.
Bala
passphrase: When I hit ENTER
gbde: Attach to NO faile: Provider not found
Attach Failed: attempt 1 of 3.
Enter passphrase:
I think pjd has already fixed this (but I currently run RELENG_5, so I
haven't tested it). Try to update your sources again and see
for NO.
Enter passphrase: When I hit ENTER
gbde: Attach to NO faile: Provider not found
Attach Failed: attempt 1 of 3.
Enter passphrase:
I dont recall if I enabled gbde. Any idea, what might have happened ?.
More importantly, can anyone tell me how to get
In message [EMAIL PROTECTED], David Kreil writes:
On a modern disk there is no sequence of writes that will guarantee
you that your data is iretriveable lost.
Even if you rewrite a thousand times, you cannot guard yourself against
the sector being replaced by a bad block spare after the first
Dear Poul-Henning,
On a modern disk there is no sequence of writes that will guarantee
you that your data is iretriveable lost.
Even if you rewrite a thousand times, you cannot guard yourself against
the sector being replaced by a bad block spare after the first write.
Good point. In
In message [EMAIL PROTECTED], David Kreil writes:
Hi,
From what I can see so far, they are simply overwritten with zeros - is that
right? If so, the blackening feature would be much weakend, as once can read
up to 20 layers of data even under random data (and more under zeros). I would
be
Dear Poul-Henning,
Thank you very much for your comments!
From what I can see so far, they are simply overwritten with zeros - is
that
right? If so, the blackening feature would be much weakend, as one can read
up to 20 layers of data even under random data (and more under zeros).
I
knowledgable about gbde internals could tell
me how the keys are being destroyed on request under the blackening feature.
Ideally, I'd like them to be overwritten with random data at least 20 times
independently, but I suspect it may well be done in a different way. I'd be
grateful for learning how
is a
risk and how to fix it requires quite a bot of knowledge that I lack, like
knowing where to look in the gbde code (maybe I misunderstood?), or writing
code that is disk driver/hardware caching aware and can hence force a
flush.
I'd be most grateful for any help or suggestions.
With best regards
On Fri, 03 Sep 2004 19:41:18 -0400, Len Zettel [EMAIL PROTECTED] wrote:
snip
While i am not an expert in this area, I can not help but wonder---
Who are you worried about recovering the data, under what
circumstances? My best guess is that recovering anything from
even _one_ data over-write is
materials.
Now, I'm not interested in an exercise of extreme paranoia. If overwritten keys can,
however, easily be recovered then I'd consider this a relative weakness compared to
all the sophisticated effort that has gone into the design of gbde and its encryption
algorithms.
My question hence
Hello,
I was wondering whether someone knowledgable about gbde internals could tell
me how the keys are being destroyed on request under the blackening feature.
Ideally, I'd like them to be overwritten with random data at least 20 times
independently, but I suspect it may well be done
Hi everyone,
is there an ETA for GBDE to move in the stable branch?
Thanks,
DrVince
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
In the last episode (Jul 01), DrVince said:
Hi everyone,
is there an ETA for GBDE to move in the stable branch?
GBDE is based on GEOM, which is too large of a subsystem to be
backported to 4.x. It'll be available in -STABLE when the stable tag
gets shifted to the 5.x branch :)
--
Dan
On Sunday 23 May 2004 01:56, Robert Storey wrote:
On Sat, 22 May 2004 12:54:29 +0200
platanthera [EMAIL PROTECTED] wrote:
On Friday 21 May 2004 17:49, platanthera wrote:
hi all,
I want to move my home directory to a gbde encrypted partition.
I plan to have only the default
On Friday 21 May 2004 17:49, platanthera wrote:
hi all,
I want to move my home directory to a gbde encrypted partition.
I plan to have only the default dotfiles in /home/xxx (before
mounting the encrypted partition), log in as usual, attach and fsck
the encrypted partion and then mount
On Sat, 22 May 2004 12:54:29 +0200
platanthera [EMAIL PROTECTED] wrote:
On Friday 21 May 2004 17:49, platanthera wrote:
hi all,
I want to move my home directory to a gbde encrypted partition.
I plan to have only the default dotfiles in /home/xxx (before
mounting the encrypted
hi all,
I want to move my home directory to a gbde encrypted partition.
I plan to have only the default dotfiles in /home/xxx (before mounting
the encrypted partition), log in as usual, attach and fsck the
encrypted partion and then mount it 'over' /home/xxx.
Is there anything wrong
Hi,
I wanted to toy around with an encrypted drive, so I added the GEOM_BDE option to my
5.2.1-P4 kernel and installed a 40Gb Maxtor I had laying around in an old Compaq PII.
Now, all is well, until I try to initialize the drive:
$ gbde init ad2s1c -L /etc/gbde/ad2s1c.lock
gbde
/dev/xxx (xxx only doesn't work)
First, what's not working :
-- Without detached lockfile
# kldload geom_bde
# gbde init /dev/da0 -i
# gbde attach da0
# gbde detach da0
# gbde destroy da0
Enter passphrase:
gbde: read: Inappropriate ioctl for device
and also
# gbde destroy /dev/da0
Enter passphrase
I've been playing around with GBDE under 5.2RC2-1. It's a fantastic
encrypted FS.
Following the man page, I've tried to use the destroy command but
without success.
Here is what I did to create the encrypted FS (for this test I didn't
use the /dev/random to fill-up the disc).
# kldload
Sorry I can not help you with your problem.
An totally encrypted file system sounded very interesting,
I tried to find GBDE in the FBSD ports/package collection and
there is no hit on GBDE, or gbde, or encrypted FS.
Would you please provide the ports name or an URL to where I
can find out more
).
Below you'll find some links to relevant documents.
White paper on GBDE
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
Some slides on GBDE
http://phk.freebsd.dk/pubs/bsdcon-03.slides.gbde.pdf
Another how-to
http://bsdhound.com/newsread_print.php?newsid=63
Encrypt a USB Thumbdrive using CFS
on md-filesystems.
But another thing came to my mind - is it possible to encrypt
partitions on a USB-stick using GDBE? (If that worked, it would
remove the need for encrypted md-files...)
Benjamin
I will trade links with you. Here is a link to an article describing
GBDE on a USB
On Mon, 19 Jan 2004 19:59:07 -0500
Michael W. Oliver [EMAIL PROTECTED] wrote:
I will trade links with you. Here is a link to an article describing
GBDE on a USB ThumbDrive. If you are not bound by a privacy request,
please post the link to the patch you mention above.
Thank you very much
FreeBSD my primary OS, I need that functionality from
FreeBSD, too.
Now I read in the manual, that FreeBSD features GBDE (GEOM Based Disc
Encryption) for creating
encrypted filesystem.
I am not sure, however, if GBDE will work with filesystems that do not
reside on a physical disc.
Does anybody
Hello once more,
One of the readers has replied privately, telling me there's a patch for
FBSD 5.x, mdcrypt, he also supplied me with a URL for downloading
(thank you very much!). GDBE, he told me, would most probably not work
on md-filesystems.
But another thing came to my mind - is it possible
not work
on md-filesystems.
But another thing came to my mind - is it possible to encrypt partitions
on a USB-stick using GDBE? (If that worked, it would remove the need for
encrypted md-files...)
Benjamin
I will trade links with you. Here is a link to an article describing
GBDE on a USB
Hello,
my system crashed and the filessystems were not properly unmountet.
After the reboot my GBDE partition makes some problems.
When initializising GBDE and running
fsck -p -t ffs /dev/ad1s1.bde
this error occurs:
/dev/ad1s1.bde: CG 416: BAD MAGIC NUMBER
/dev/ad1s1.bde: UNEXPECTED SOFT
Hi FreeBSD Gurus,
Anyone out there who's using this new FreeBSD 5.0 filesystem encryption
feature, gbde?
If yes, may I ask to drop few lines with an example about hot to
create/mount/umount an encrypted fs? The examples in the man don't work
for me...
Thanks Regards
To Unsubscribe: send mail
I'm having troubles with gbde(4), I've read the man pages, and followed the
examples, and it still doesn't work.
bash-2.05b# gbde init /dev/ad0s2a -L /etc/ad0s2a.lock
gbde: /dev/ad0s2a: No such file or directory
bash-2.05b#
bash-2.05b# ls /dev/ad0s*
/dev/ad0s1 /dev/ad0s2 /dev/ad0s2a
I keep ketting errors when trying to make my root filesystem encrypted:
bash-2.05b# gbde init /dev/ad0s2a
gbde: /dev/ad0s2a: No such file or directory
bash-2.05b#
bash-2.05b# ls /dev/ad0*
/dev/ad0/dev/ad0s2 /dev/ad0s2b /dev/ad0s2d /dev/ad0s2f
/dev/ad0s1 /dev/ad0s2a
71 matches
Mail list logo
