Re: harddrive encryption
On Tue, Jan 18, 2011 at 06:15:50PM +0100, Roland Smith wrote: > > What do you folks think of the relative merits of AES vs Blowfish for > > disk encryption? > > Neither have been broken with their complete number of rounds. Versions of > both can be broken with a reduced number of rounds. See > http://www.schneier.com/paper-blowfish-oneyear.html for some analysis of > blowfish, and e.g. http://www.schneier.com/paper-rijndael.html for several > attacks on Rijndael with reduced rounds. It seems I have to correct myself here. According to a presentation by Colin Percival [1] (slides [2]), blowfish is not safe because it uses a relatively small block size (for compatibility with DES, IIRC), which makes it more likely that you can get two identical blocks of (cypher)text in one message, giving an attacker an avenue of attack. His recommendation is to use AES. This is wat geli(8) recommends as well. [1]: http://blip.tv/file/3627639 [2]: http://www.bsdcan.org/2010/schedule/attachments/135_crypto1hr.pdf Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgplLh7SWen7j.pgp Description: PGP signature
Re: harddrive encryption
On Tue, 18 Jan 2011 08:10:40 -0800 Chip Camden wrote: > It seems prudent to me to reduce the attack surface to that which > really needs to be defended -- "When you defend everything, you > defend nothing". Not to mention avoiding the overhead of encrypting > OS files. I don't think the plain text is really much of an issue. AFAIK the kinds of attack that use large amounts of plaintext are relatively sophisticated and yield only small amounts of information. Most people only need to worry about passphrase attacks. There are two main advantages to full disk encryption. One is that the non-encrypted part can be kept on a memory stick, which is easier to keep secure. This makes it impractical for an attacker to install modified software while geli is detached - although you are still vulnerable to hardware and firmware modifications. The other main advantage is that it prevents information leakage. If you just encrypt data, you should also give some thought encrypting the swap partition with a one-time key and using tmpfs. There's also /var/tmp which may be mitigated by setting appropriate environment variables to keep user data in home directories. Private information may leak through log or cache files. Some people think it's easier and safer to encrypt the lot. > What do you folks think of the relative merits of AES vs Blowfish for > disk encryption? At the higher levels of paranoia Blowfish's 64 bit block size is a cause for concern, but unless you are going up against serious crypto-analysis I doubt it matters much. However you may need to take account of performance. My fairly old cpu uses 100% of it's single core copying large files between geli partitions. Journalling makes things even worse. If you have cores and cycles to spare you probably wont notice, but it's still there. Blowfish is faster than AES, but some CPUs may be able to offload AES to hardware accelerators. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: harddrive encryption
no at installation if you use standard installer. as i don't use standard installer at all, i don't have such a problem. i use any bootable FreeBSD media (actualy my own made pendrive), and then make labels, do newfs, mount, unpack files etc. if you can't do that then you may follow my advice install as usual, but make partitions like a: root - 10-20GB b: swap - as you need d: rest - don't allow to directory install on a and b. then after booting your system, and building and installing your kernel with GEOM_ELI inside: geli init -s 2048 (or 4096 whatever fragment size you plan) /dev/ad0d (or ada0d or how is your disk named). geli attach /dev/ad0d newfs /dev/ad0d.eli mount /dev/ad0d.eli /mnt cd /mnt tar --exclude /usr -cf - /|tar xpf - so you have copied all data except /usr to /mnt then edit /mnt/etc/fstab make ad0d.eli as root and ad0a as /usr then edit /mnt/boot/loader.conf add vfs.root.mountfrom="ad0d.eli" then reboot to single user mode after booting /sbin/mount /usr - should mount fine cd /usr ls and delete with rm -rf everything except usr subdirectory then mv usr/* . rm -rf usr cd / rm -rf boot ln -s /usr/boot . then press CTRL-D and you have your encrypted system up. You don't have /usr encrypted as your software packages are not secred data. /usr is a: partition so bootloader boots from here. /usr/boot is linked to /boot to make it accessible for system programs as usual. but your /usr/local/etc may be secred so cd /usr/local mv etc /etc/local ln -s /etc/local etc this is how i configure my system everywhere i use geli. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: harddrive encryption
On Mon, 17 Jan 2011 21:30:39 +0100 Alokat wrote: > is it possible to encrypt my full harddrive (excluding /boot) during > a freebsd installation. Or do I have to do this after the > installation manually? The FreeBSD installer (sysinstall) doesn't support anything other than plain UFS but PCBSD's (pc-sysinstall) supports encryption, ZFS etc. - and it can do a plain FreeBSD installation as well as PCBSD. You can get it from http://www.pcbsd.org . -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: harddrive encryption
On Tue, Jan 18, 2011 at 08:10:40AM -0800, Chip Camden wrote: > It seems prudent to me to reduce the attack surface to that which really > needs to be defended -- "When you defend everything, you defend nothing". > Not to mention avoiding the overhead of encrypting OS files. Indeed. > What do you folks think of the relative merits of AES vs Blowfish for > disk encryption? Neither have been broken with their complete number of rounds. Versions of both can be broken with a reduced number of rounds. See http://www.schneier.com/paper-blowfish-oneyear.html for some analysis of blowfish, and e.g. http://www.schneier.com/paper-rijndael.html for several attacks on Rijndael with reduced rounds. It looks like both are viable choices today. Certainly good enough to protect your data in case of hardware theft. No encryption method is secure against lead-pipe cryptanalysis. [http://www.schlockmercenary.com/2009-10-19] :-) But it seems like a safe bet that there will be more effort spent on breaking AES/Rijndael. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpNiIKaFRSNn.pgp Description: PGP signature
Re: harddrive encryption
Quoth Roland Smith on Tuesday, 18 January 2011: > On Mon, Jan 17, 2011 at 10:05:53PM -0700, Modulok wrote: > > On 1/17/11, Roland Smith wrote: > > > On Mon, Jan 17, 2011 at 09:30:39PM +0100, Alokat wrote: > > >> Hi, > > >> > > >> is it possible to encrypt my full harddrive (excluding /boot) during a > > >> freebsd installation. Or do I have to do this after the installation > > >> manually? > > > > > > Currently you have to do it manually afterwards. > > > > > > Personally, I would not bother encrypting the OS data; there is nothing > > > secret > > > there, and it does have a performance impact. Plus it would provide ample > > > material for a known-plaintext attack! > > > > > > > Modern ciphers such as AES are not susceptible to known plaintext > > attacks. > > That is indeed what it says on > http://en.wikipedia.org/wiki/Known-plaintext_attack. But without any > source or other justification. In this case, I'd say [citation needed]! > > At one time Enigma and DES were regarded as unbreakable. :-) > > Roland > -- > R.F.Smith http://www.xs4all.nl/~rsmith/ > [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] > pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) It seems prudent to me to reduce the attack surface to that which really needs to be defended -- "When you defend everything, you defend nothing". Not to mention avoiding the overhead of encrypting OS files. What do you folks think of the relative merits of AES vs Blowfish for disk encryption? -- Sterling (Chip) Camden | sterl...@camdensoftware.com | 2048D/3A978E4F http://chipsquips.com | http://camdensoftware.com | http://chipstips.com pgp3LLybZAwl4.pgp Description: PGP signature
Re: harddrive encryption
On Mon, Jan 17, 2011 at 10:05:53PM -0700, Modulok wrote: > On 1/17/11, Roland Smith wrote: > > On Mon, Jan 17, 2011 at 09:30:39PM +0100, Alokat wrote: > >> Hi, > >> > >> is it possible to encrypt my full harddrive (excluding /boot) during a > >> freebsd installation. Or do I have to do this after the installation > >> manually? > > > > Currently you have to do it manually afterwards. > > > > Personally, I would not bother encrypting the OS data; there is nothing > > secret > > there, and it does have a performance impact. Plus it would provide ample > > material for a known-plaintext attack! > > > > Modern ciphers such as AES are not susceptible to known plaintext > attacks. That is indeed what it says on http://en.wikipedia.org/wiki/Known-plaintext_attack. But without any source or other justification. In this case, I'd say [citation needed]! At one time Enigma and DES were regarded as unbreakable. :-) Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgp0R6KyuSdkq.pgp Description: PGP signature
Re: harddrive encryption
On 1/17/11, Roland Smith wrote: > On Mon, Jan 17, 2011 at 09:30:39PM +0100, Alokat wrote: >> Hi, >> >> is it possible to encrypt my full harddrive (excluding /boot) during a >> freebsd installation. Or do I have to do this after the installation >> manually? > > Currently you have to do it manually afterwards. > > Personally, I would not bother encrypting the OS data; there is nothing > secret > there, and it does have a performance impact. Plus it would provide ample > material for a known-plaintext attack! > Modern ciphers such as AES are not susceptible to known plaintext attacks. The advantage to full disk encryption, including operating system data, is that nothing is ever accidently missed. The hard drive can safely be thrown out when it fails or is decomissioned, with no worry that some temporary file or database somewhere you forgot about, wasn't on the right partition. Regardless, these are only offline protections from physical theft for low to moderately motivated attackers. If you had a database of medical or financial records, disk encryption is probably a good thing. Otherwise http://xkcd.com/538/ The real danger, is loss or corruption of the decryption keys. Make backups! -Modulok- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: harddrive encryption
On 1/17/11 5:53 PM, Roland Smith wrote: Do not rely on a keyfile that resides on a disk in the machine (that would make encryption futile)! Use a passphrase instead. I'd think that depends on your use case. If you're encrypting removable drives and then shipping them elsewhere, such as for off-site backup, and you trust the physical security for the computer a lot more than you trust the courier and/or storage site Of course, I would agree that that's probably not what the OP has in mind. :-) -- --Jon Radel j...@radel.com
Re: harddrive encryption
Quoth Roland Smith on Tuesday, 18 January 2011: > > Since you are making a backup, why not just run geli(8), newfs(8) the new > encrpyted partition and restore the data? I don't think it is much slower, and > it is a _lot_ safer. > That makes a lot of sense. I don't know why I had such a mental block about running newfs(8) on the partition. Thanks! -- Sterling (Chip) Camden | sterl...@camdensoftware.com | 2048D/3A978E4F http://chipsquips.com | http://camdensoftware.com | http://chipstips.com pgp9VWOZcZ1pk.pgp Description: PGP signature
Re: harddrive encryption
On Mon, Jan 17, 2011 at 02:38:38PM -0800, Chip Camden wrote: > Quoth Chuck Swiger on Monday, 17 January 2011: > > On Jan 17, 2011, at 12:30 PM, Alokat wrote: > > > is it possible to encrypt my full harddrive (excluding /boot) during a > > > freebsd installation. Or do I have to do this after the installation > > > manually? > > > > I don't believe the current installer knows about HD encryption. Do it > > after the install by following the fine documentation in the handbook: > > > > http://www.freebsd.org/doc/handbook/disks-encrypting.html > > > > Regards, > > One thing I don't get from that fine documentation: is it possible to > take an existing hard drive with data and encrypt it? Or do I have to > create a new encrypted partition and copy all the files to it? It is not supported to encrypt in-situ, to the best of my knowledge. But that does not make it impossible. The question is if it is worth the risk? :-) If you use geli(8) on e.g. /dev/da0s1, an encrypted device /dev/da0s1.eli is created. The last sector of /dev/da0s1 is used to store the GEOM data, so /dev/da0s1.eli is a sector smaller than /dev/da0s1. But the devices overlap. If you are _certain_ that the original filesystem on /dev/da0s1 does not use the last sector, you might get away with copying the data from /dev/da0s1 to /dev/da0s1.eli sequentually. (As in read sector N..M from da0s1 into memory, and write it to sector N..M of /dev/da0s1.eli, then make N=M+1 and repeat.) But be _very_ careful not to overwrite the last sector of /dev/da0s1, or you will lose the GEOM data that identifies /dev/da0s1.eli, making it unusable. The problem here is that you are probably going to many copy sectors that are not used by the original filesystem. (Keep in mind that as soon as you start writing to the start of /dev/da0s1.eli, the _filesystem_ on /dev/da0s1 becomes corrupted and useless) And it would be wise to make a backup of the data before trying something like this! Since you are making a backup, why not just run geli(8), newfs(8) the new encrpyted partition and restore the data? I don't think it is much slower, and it is a _lot_ safer. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpxdltjWyWhN.pgp Description: PGP signature
Re: harddrive encryption
On Mon, Jan 17, 2011 at 09:30:39PM +0100, Alokat wrote: > Hi, > > is it possible to encrypt my full harddrive (excluding /boot) during a > freebsd installation. Or do I have to do this after the installation > manually? Currently you have to do it manually afterwards. Personally, I would not bother encrypting the OS data; there is nothing secret there, and it does have a performance impact. Plus it would provide ample material for a known-plaintext attack! What you can do is set apart a partition during installation where you are going to store your data, be it /home, /var/www or whatever. After installation, encrypt that partition with geli(8), newfs it and put the name of the *.eli device in /etc/fstab. That should make the startup scripts ask for the passphrase. Do not rely on a keyfile that resides on a disk in the machine (that would make encryption futile)! Use a passphrase instead. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpLODE20gvCW.pgp Description: PGP signature
Re: harddrive encryption
Quoth Chuck Swiger on Monday, 17 January 2011: > On Jan 17, 2011, at 12:30 PM, Alokat wrote: > > is it possible to encrypt my full harddrive (excluding /boot) during a > > freebsd installation. Or do I have to do this after the installation > > manually? > > I don't believe the current installer knows about HD encryption. Do it after > the install by following the fine documentation in the handbook: > > http://www.freebsd.org/doc/handbook/disks-encrypting.html > > Regards, > -- > -Chuck > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" One thing I don't get from that fine documentation: is it possible to take an existing hard drive with data and encrypt it? Or do I have to create a new encrypted partition and copy all the files to it? -- Sterling (Chip) Camden | sterl...@camdensoftware.com | 2048D/3A978E4F http://chipsquips.com | http://camdensoftware.com | http://chipstips.com pgpkUE50Zl1Za.pgp Description: PGP signature
Re: harddrive encryption
On Jan 17, 2011, at 12:30 PM, Alokat wrote: > is it possible to encrypt my full harddrive (excluding /boot) during a > freebsd installation. Or do I have to do this after the installation manually? I don't believe the current installer knows about HD encryption. Do it after the install by following the fine documentation in the handbook: http://www.freebsd.org/doc/handbook/disks-encrypting.html Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
harddrive encryption
Hi, is it possible to encrypt my full harddrive (excluding /boot) during a freebsd installation. Or do I have to do this after the installation manually? cYa, alokat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"