freebsd-security Digest, Vol 522, Issue 1
John-Mark Gurney
jmg at funkthat.com
Thu Feb 19 22:09:18 UTC 2015
Alfred Hegemeier wrote this message on Thu, Feb 19, 2015 at 12:50 +0000:
> just encrypt the whole hard drive with Geli.
> That's the only protection I see: everything passing through the controllers is encrypted - unless keyloggers are installed, which you best protect against completely firewalling the "core" system, andhaving jails to access the outer world.
> PCbsd already dumped complete auto hard drive encryption in their latest products - the automatic full HD encr was dumped when the Snowden stuff was revealed, I think with 10 release.So, I guess, they know why they removed it - makes it to secure.
>
> Which brings up an important question: how 'safe' is the encryption Geli, i.e. how can we know that developers are not on any agencies pay list ?Does that make sense what I am writing in your opinion ?
Having working on the AES-XTS code, and looked at the geli code to make
it go faster, it's good code.. I don't see any major issues w/ it
besides what is well know w/ using the various modes...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the freebsd-security
mailing list