GELI - disk encryption GEOM class committed.
Poul-Henning Kamp
phk at phk.freebsd.dk
Fri Jul 29 06:31:20 GMT 2005
In message <42E981B9.5060500 at datacomm.ch>, Benjamin Lutz writes:
>Encryption Strength:
> GBDE - Uses AES128 for data encryption, with a different key per
> sector. Master key is encrypted using AES256 and stored on
> 4 random locations on the disk. Access key is SHA2/512bit
> hashed.
Just a clarification:
GBDE uses PRNG one-time-use per sector keys.
>Speed:
> GBDE - Runs in software.
I actually have a version which uses crypto(9) hardware but the gain
is a lot less than one would expect so I havn't completed it yet.
>Booting from Encrypted Root:
> GBDE - Doesn't say, probably doesn't work
Correct doesn't work without some special handling.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-current
mailing list