Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread lists
> I'm taking the plunge now.

You're done with the swings.



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread Nick Holland
On 11/16/16 11:52, Ax0n wrote:
> I'm taking the plunge now. Mostly, I was concerned about SSD longevity and
> if TRIM would be a problem due to the different way data is going to be
> accessed. It was the cheapest drive I could find locally anyway, and I keep
> good backups (dump to a much larger external drive that's also using
> softraid crypto) so I suppose if it burns up in a year it's not really that
> big of a problem.

Make good backups, and if it burns up in a year (which it may or may not
do regardless of what SSD-specific bullsh*t you do with it), say
"thanks!" and go buy yourself one twice as big, twice as fast and half
as expensive (and possibly more reliable).

If it doesn't fail in a year or two, I suggest removing the SSD and a
wool carpet and rubber shoes, or better yet, just look panicked, tell
your significant other it failed and hope they don't look to closely,
and rush out to buy the upgrade.  The panicked look is important, though.

Nick.



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread lists
Wed, 16 Nov 2016 19:10:08 +0100 ludovic coues 
> Trim and ssd longevity and what not may have been an issue when ssd where a
> novelty.
> These day, it should last just as long as an hard drive. So make backups if
> what matters and don't worry about your disk.

Hi Ludovic,

You have to face it, the issue is both is the SSD medium and controller.

I give it a decade of backed up cached usage, in lieu of actual storage.

It is an industry shame point solid state tech is beaten by mechanicals.

Kind regards,
Anton



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread ludovic coues
Trim and ssd longevity and what not may have been an issue when ssd where a
novelty.
These day, it should last just as long as an hard drive. So make backups if
what matters and don't worry about your disk.

On 16 Nov 2016 5:54 p.m., "Ax0n"  wrote:

> I'm taking the plunge now. Mostly, I was concerned about SSD longevity and
> if TRIM would be a problem due to the different way data is going to be
> accessed. It was the cheapest drive I could find locally anyway, and I keep
> good backups (dump to a much larger external drive that's also using
> softraid crypto) so I suppose if it burns up in a year it's not really that
> big of a problem.
>
> On Wed, Nov 16, 2016 at 10:33 AM, Marc Peters  wrote:
>
> > Am 11/16/16 um 17:07 schrieb Ax0n:
> > > I'm less concerned about swap, and more concerned about how a fully
> > > encrypted softraid Solid State Disk is going to act. I can't find a lot
> > > about FDE on SSD.
> > >
> >
> > It acts as a normal harddisk would, just faster :). I had one in my
> > worklaptop i used before for about two years and i have one in my
> > worklaptop. No problems.



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread Ax0n
I'm taking the plunge now. Mostly, I was concerned about SSD longevity and
if TRIM would be a problem due to the different way data is going to be
accessed. It was the cheapest drive I could find locally anyway, and I keep
good backups (dump to a much larger external drive that's also using
softraid crypto) so I suppose if it burns up in a year it's not really that
big of a problem.

On Wed, Nov 16, 2016 at 10:33 AM, Marc Peters  wrote:

> Am 11/16/16 um 17:07 schrieb Ax0n:
> > I'm less concerned about swap, and more concerned about how a fully
> > encrypted softraid Solid State Disk is going to act. I can't find a lot
> > about FDE on SSD.
> >
>
> It acts as a normal harddisk would, just faster :). I had one in my
> worklaptop i used before for about two years and i have one in my
> worklaptop. No problems.



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread Marc Peters
Am 11/16/16 um 17:07 schrieb Ax0n:
> I'm less concerned about swap, and more concerned about how a fully
> encrypted softraid Solid State Disk is going to act. I can't find a lot
> about FDE on SSD.
> 

It acts as a normal harddisk would, just faster :). I had one in my
worklaptop i used before for about two years and i have one in my
worklaptop. No problems.



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread Ax0n
I'm less concerned about swap, and more concerned about how a fully
encrypted softraid Solid State Disk is going to act. I can't find a lot
about FDE on SSD.

On Wed, Nov 16, 2016 at 9:41 AM, trondd  wrote:

> On Wed, November 16, 2016 10:23 am, Jiri B wrote:
> > On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote:
> >> I just purchased a SanDisk SSD for my daily-driver laptop which has been
> >> running -CURRENT well. I'm considering going with FDE and a fresh
> >> snapshot
> >> install, adding my packages then copying over what I need from my old
> >> spinning rust drive, mostly /home and the ssh host keys from /etc/ssh.
> >>
> >> Anything I should look out for? To be honest, this is my first
> >> experience
> >> installing anything onto an SSD so I'd be welcome to accept any pointers
> >> specific to OpenBSD. Searching misc@ for as long as I've been
> subscribed
> >> hasn't yielded any solid input on this.
> >
> > Not sure if encrypting swap makes still sense if you already have FDE.
> > What's recommended in this context?
> >
> > j.
> >
>
> It's been discussed previously.  Relavant comment from the thread:
>
> http://marc.info/?l=openbsd-misc=143206067713324=2
>
> And hint, you can search an online archive instead of being limited to
> searching "for as long as you've been subscribed" :)



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread Stefan Sperling
On Wed, Nov 16, 2016 at 10:23:39AM -0500, Jiri B wrote:
> On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote:
> > I just purchased a SanDisk SSD for my daily-driver laptop which has been
> > running -CURRENT well. I'm considering going with FDE and a fresh snapshot
> > install, adding my packages then copying over what I need from my old
> > spinning rust drive, mostly /home and the ssh host keys from /etc/ssh.
> > 
> > Anything I should look out for? To be honest, this is my first experience
> > installing anything onto an SSD so I'd be welcome to accept any pointers
> > specific to OpenBSD. Searching misc@ for as long as I've been subscribed
> > hasn't yielded any solid input on this.
> 
> Not sure if encrypting swap makes still sense if you already have FDE.
> What's recommended in this context?
> 
> j.
> 

I always leave swap crypt enabled anyway. Less hassle, and one more layer
for an attacker to poke through for finding leftover bits of data from RAM.



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread trondd
On Wed, November 16, 2016 10:23 am, Jiri B wrote:
> On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote:
>> I just purchased a SanDisk SSD for my daily-driver laptop which has been
>> running -CURRENT well. I'm considering going with FDE and a fresh
>> snapshot
>> install, adding my packages then copying over what I need from my old
>> spinning rust drive, mostly /home and the ssh host keys from /etc/ssh.
>>
>> Anything I should look out for? To be honest, this is my first
>> experience
>> installing anything onto an SSD so I'd be welcome to accept any pointers
>> specific to OpenBSD. Searching misc@ for as long as I've been subscribed
>> hasn't yielded any solid input on this.
>
> Not sure if encrypting swap makes still sense if you already have FDE.
> What's recommended in this context?
>
> j.
>

It's been discussed previously.  Relavant comment from the thread:

http://marc.info/?l=openbsd-misc=143206067713324=2

And hint, you can search an online archive instead of being limited to
searching "for as long as you've been subscribed" :)



Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread Jiri B
On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote:
> I just purchased a SanDisk SSD for my daily-driver laptop which has been
> running -CURRENT well. I'm considering going with FDE and a fresh snapshot
> install, adding my packages then copying over what I need from my old
> spinning rust drive, mostly /home and the ssh host keys from /etc/ssh.
> 
> Anything I should look out for? To be honest, this is my first experience
> installing anything onto an SSD so I'd be welcome to accept any pointers
> specific to OpenBSD. Searching misc@ for as long as I've been subscribed
> hasn't yielded any solid input on this.

Not sure if encrypting swap makes still sense if you already have FDE.
What's recommended in this context?

j.



softraid(4) full-disk encryption on SSD

2016-11-16 Thread Ax0n
I just purchased a SanDisk SSD for my daily-driver laptop which has been
running -CURRENT well. I'm considering going with FDE and a fresh snapshot
install, adding my packages then copying over what I need from my old
spinning rust drive, mostly /home and the ssh host keys from /etc/ssh.

Anything I should look out for? To be honest, this is my first experience
installing anything onto an SSD so I'd be welcome to accept any pointers
specific to OpenBSD. Searching misc@ for as long as I've been subscribed
hasn't yielded any solid input on this.

TIA!
--ax0n