Hard drive encryption

Charles Ulrich charles at idealso.com
Fri Sep 17 12:19:02 PDT 2004


Jim.Kinsey at nokia.com said:
>
> Hello,
>
> I am writing to inquire about a hard drive encryption software that is
> compatible with FreeBSD.  We have been using PointSEC with Windows and I am
> looking for a similar solution for FreeBSD.  I see you have GEOM Based Disk
> Encryption (gbde), which I have read about on your web site, but the folks
> here are resistant to using it and are asking for a 3rd party solution that is
> separate from the OS.

I don't know what third-party disk encryption services there are available for
FreeBSD nor do I know what the status of gbde is currently, but there is no
inherent reason that a third-party encryption service would be any more stable
or robust than one that's built into the OS. In fact, I'd argue just the
opposite, as the people who wrote gbde also work on related parts of the
FreeBSD kernel and nearly all of the core FreeBSD developers are well-known
for their ability to design and write quality, stable code. They would also be
the first ones to notice a change to the kernel that would adversely affect
gbde and probably also the first ones to fix such a problem.

> Do you have anything in mind?  I understand that gbde
> requests a password before the partition can be mounted anyway so this
> simulates the same functionality of PointSEC, but since it is part of the OS,
> it seems that if someone has access to the OS, they could still get in.  Is
> that right?

No, otherwise there would be no point in encrypting the data on the disk.
Encryption means that even if someone were to get their hands on the physical
disk (which is always considered the worst-case scenario, from a security
standpoint) and read all of the data off it, they could never use it to gain
any information since the data would appear scrambled unless they decrypted it
with the appropriate key (the password, in this case).

In other words, it's not the operating system that allows/disallows access to
an encrypted disk, it's the mathematical encryption algorithms. Similarly, disk
encryption has nothing to do with allowing/disallowing access to the system,
only its data.

-- 
Charles Ulrich
System Administrator
Ideal Solution - http://www.idealso.com
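The point Charles makes above, that a raw read of the disk yields nothing usable without the key, can be illustrated with a small model of sector-level encryption. This is an added example, not code from the thread or from gbde: the passphrase-to-key step (PBKDF2), the 512-byte sector size, the sample data and the HMAC-SHA256 counter-mode keystream are all constructed stand-ins for whatever cipher a real disk encryptor uses, chosen so the script runs with only the Python standard library.

```python
import hashlib
import hmac

SECTOR = 512  # constructed sector size for this illustration


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Turn the user's passphrase into a 32-byte disk key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)


def sector_keystream(key: bytes, sector_no: int) -> bytes:
    """Per-sector keystream: HMAC-SHA256(key, sector_no || counter) in counter mode.
    A PRF-in-CTR stand-in for a block cipher; the sector number acts as the tweak,
    so two identical plaintext sectors do not produce identical ciphertext."""
    blocks = (hmac.new(key, sector_no.to_bytes(8, "big") + ctr.to_bytes(4, "big"),
                       "sha256").digest() for ctr in range(SECTOR // 32))
    return b"".join(blocks)


def xor_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sector (XOR with its keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, sector_keystream(key, sector_no)))


def transform_disk(key: bytes, image: bytes) -> bytes:
    """Apply xor_sector to every sector of a disk image whose length is a multiple of SECTOR."""
    return b"".join(xor_sector(key, i, image[i * SECTOR:(i + 1) * SECTOR])
                    for i in range(len(image) // SECTOR))


def demo() -> dict:
    """Constructed scenario: one sector of data followed by two all-zero sectors."""
    salt = b"constructed-salt"
    plain = b"secret payroll data".ljust(SECTOR, b"\0") + bytes(2 * SECTOR)
    raw_device = transform_disk(derive_key("correct horse", salt), plain)
    return {
        # What "access to the OS" buys without the key: the raw device shows no plaintext
        "raw_leaks_plaintext": b"payroll" in raw_device,
        # Two identical (zero) sectors still encrypt differently thanks to the sector tweak
        "zero_sectors_distinguishable": raw_device[SECTOR:2 * SECTOR] == raw_device[2 * SECTOR:],
        "correct_passphrase_recovers": transform_disk(derive_key("correct horse", salt), raw_device) == plain,
        # A wrong passphrase does not error out; it silently yields garbage (no integrity check here)
        "wrong_passphrase_recovers": transform_disk(derive_key("wrong", salt), raw_device) == plain,
    }
```

Because decryption with a wrong passphrase produces garbage rather than an error, a real deployment relies on the filesystem failing to mount (or on a separate integrity check) to tell the two apart.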