geli external header (metadata)

Alaksiej ac at belngo.info
Sun Jun 16 14:47:27 UTC 2013


> I can't speak for Mr Romero, but I imagine what he's after is plausible
> deniability.  The GELI metadata on a volume unambiguously declares it to
> be encrypted data.

Agree. And I think this feature is in demand, taking into account
the growing number of jurisdictions where a person could be legally
obliged to surrender keys/passwords.

On Sun, Jun 9, 2013 at 10:51 PM, Greg Rivers
<gcr+freebsd-geom at tharned.org> wrote:
> On Sun, 9 Jun 2013, Pawel Jakub Dawidek wrote:
>
>> On Sat, Jun 08, 2013 at 03:02:10PM +0300, Andrew Romero wrote:
>> > Hi all
>> > I made a patch to support an external header (metadata) on GEOM ELI
>> > (geli)
>> > System: FreeBSD 9-STABLE r250964 i386
>> > geli patch - http://pastebin.com/UGpnMN19
>> > regression patch - http://pastebin.com/hJVkTpJZ
>>
>> I don't mean to discourage you, but every additional complexity comes at
>> risk and in case of GELI this is a security risk. What is missing in your work
>> is an explanation of how that is useful for the users. How do you use it? First I
>> need to understand and be convinced that this functionality is generally
>> useful and thus is worth additional complexity and risk.
>>
>
> I can't speak for Mr Romero, but I imagine what he's after is plausible
> deniability.  The GELI metadata on a volume unambiguously declares it to be
> encrypted data.
>
> Properly implemented, I think this could be a worthwhile enhancement for
> certain applications or circumstances where one may not wish to invite
> further scrutiny.
>
> --
> Greg Rivers