geli external header (metadata)
Greg Rivers
gcr+freebsd-geom at tharned.org
Sun Jun 9 19:51:46 UTC 2013
On Sun, 9 Jun 2013, Pawel Jakub Dawidek wrote:
> On Sat, Jun 08, 2013 at 03:02:10PM +0300, Andrew Romero wrote:
> > Hi all
> > I made a patch to support an external header (metadata) on GEOM ELI (geli)
> >
> > System: FreeBSD 9-STABLE r250964 i386
> >
> > geli patch - http://pastebin.com/UGpnMN19
> > regression patch - http://pastebin.com/hJVkTpJZ
>
> I don't mean to discourage you, but every additional complexity comes at
> risk and in case of GELI this is a security risk. What is missing in your
> work is an explanation of how that is useful for the users. How do you use it?
> First I need to understand and be convinced that this functionality is
> generally useful and thus is worth additional complexity and risk.
>
I can't speak for Mr Romero, but I imagine what he's after is plausible
deniability. The GELI metadata on a volume unambiguously declares it to
be encrypted data.
Properly implemented, I think this could be a worthwhile enhancement for
certain applications or circumstances where one may not wish to invite
further scrutiny.
--
Greg Rivers