Depreciate and remove gbde

Julian H. Stacey jhs at berklix.com
Sat Oct 24 15:59:50 UTC 2015


> >If you want a secure filesystem I think that at this particular time
> >it would be entirely reasonable to use both gbde and geli stacked on
> >top of each other[...]

I've often wondered if multiple encryption (CPU permitting) is sensible in 
case one day some method is cracked but another stays secure.
There have been recent discussions on cracking algorithms at
 http://lists.gnupg.org/pipermail/gnupg-users/2015-October/054586.html

I see man geli has:
	Supports many cryptographic algorithms (currently AES-XTS,
	AES-CBC, Blowfish-CBC, Camellia-CBC and 3DES-CBC).
NAME section of man 1 gbde & geli both ref. GEOM.
Skimming man 1 4 8 gbde geom I'm not sure how gbde compares.


> Nobody is going to break through the GELI or GBDE crypto, they'll
> find their way to the keys instead, or more likely, jail you until
> you sing.

Yes, if 'they' are physically present government, criminals etc.

Encryption (& perhaps multiple encryption) is nice against eg
- sneak thieves/ industrial spies/ remote hostile governments,
- where one must sometimes share root with others.
- scanners remote or local 
   (Scanners could be hidden in BLOBs. Anyone else worry how many
   binary BLOBs are in FreeBSD, especially ports/ ?  I started a
   list a couple of years back, got scared how many, then stopped
   after I realised a list was not maintainable & better to add a
   BLOB_HAZARD= label to ports Makefiles, but no one seemed interested ).
- Casual physical loss:
  - My brother's USB stick fell off its plastic retainer to key ring,
    picture: http://www.conrad.de/ce/de/product/417197/
  - Small shiny USB sticks on desk could be attractive like jewellery
    to birds such as magpies (`Elster' fly here, I stopped one thieving
    a shiny foil wrapped bar, a lot heavier & bigger than a USB stick).

My data is long encrypted, I'll buy phk@ a beer if we meet somewhere :-)

Cheers,
Julian
--
Julian Stacey,  BSD Linux Unix Sys. Eng. Consultant Munich http://berklix.com
 Reply After previous text to preserve context, as in a play script.
 Indent previous text with > 		Insert new lines before 80 chars.
 Use plain text, Not quoted-printable, Not HTML, Not base64, Not MS.doc.


More information about the freebsd-current mailing list