rwmaillists at googlemail.com
Wed Jan 19 00:55:09 UTC 2011
On Tue, 18 Jan 2011 08:10:40 -0800
Chip Camden <chip.camden at gmail.com> wrote:
> It seems prudent to me to reduce the attack surface to that which
> really needs to be defended -- "When you defend everything, you
> defend nothing". Not to mention avoiding the overhead of encrypting
> OS files.
I don't think the plain text is really much of an issue. AFAIK the
kinds of attack that use large amounts of plaintext are relatively
sophisticated and yield only small amounts of information. Most people
only need to worry about passphrase attacks.
There are two main advantages to full disk encryption. One is that the
non-encrypted part can be kept on a memory stick, which is easier to
keep secure. This makes it impractical for an attacker to install
modified software while geli is detached - although you are still
vulnerable to hardware and firmware modifications.
The other main advantage is that it prevents information leakage. If
you just encrypt data, you should also give some thought encrypting the
swap partition with a one-time key and using tmpfs. There's
also /var/tmp which may be mitigated by setting appropriate environment
variables to keep user data in home directories. Private information
may leak through log or cache files. Some people think it's easier and
safer to encrypt the lot.
> What do you folks think of the relative merits of AES vs Blowfish for
> disk encryption?
At the higher levels of paranoia Blowfish's 64 bit block size is a
cause for concern, but unless you are going up against serious
crypto-analysis I doubt it matters much. However you may need to take
account of performance. My fairly old cpu uses 100% of it's single core
copying large files between geli partitions. Journalling makes things
even worse. If you have cores and cycles to spare you probably wont
notice, but it's still there. Blowfish is faster than AES, but some
CPUs may be able to offload AES to hardware accelerators.
More information about the freebsd-questions