Contributed by jose on from the privacy dept.
"OpenBSD has the mantra of "crypto everywhere". This includes the network, the swap space, everywhere... except for the filesystem itself! Let's face it, physical security of servers is not always what it should be, and sometimes the costs of fixing physical security problems are out of budget. Encrypted filesystems would add a tremendous layer of safety. If the box is stolen, it would be impossible to recover useful data from it, unless somehow it is stolen with the UPS attached."
"Unfortunately, OpenBSD's FS doesn't have good built-in crypto filesystem support. Loopback is an option, but not something you would want to use in a production system with important data on it. I had a look at mount_tcfs(8), but it said it was for developers only. We covered vnconfig recently, but that seemed to have some limitations which left it unsuitable for general use. Anything else out there?

So, is there any hope for solid crypto FS support in future versions of OpenBSD? Or should the mantra change to "crypto almost everywhere"? Suse and Mandrake Linux both have it, and Windows XP even has it. Will OpenBSD get on the crypto bandwagon? One possible way this could happen is if ReiserFS is ever ported to OpenBSD.
Thanks for any comments on this."
By Anonymous Coward () on http://www.rubberhose.org/
Might be nice to see OpenBSD support added in the future as well - but we'll see.
By Partisan () ntobik@hotmail.com on mailto:ntobik@hotmail.com
Nate
By Anonymous Coward () on
Thoughts?
By schubert () on
If the data NEEDS strong encryption, so that if the machine is stolen, or whatever... you must be prepared for the loss of that information. If you aren't prepared to lose that information, then any method of encryption is useless, because you aren't prepared for the problems: a faulty encryption system that scrambles things, lost passwords which make the data unrecoverable, or a hardware failure which hoses the data anyway.
That said, there is still a need for it (think military secrets), where, in the event of the data being compromised, whether by being stolen or by failure, it's better for NOBODY to have the information than to risk letting the enemy have it. But unless you accept the risk that you might lock yourself out or trash it, you shouldn't consider it.
It also comes down to the issue of whether you really need filesystem-wide encryption... the benefit of course is privacy, and eliminating the fact that specifically encrypted files are a big fat target when people are looking for the good stuff. If you're just wanting to keep missy from looking at your "image collection", stick with less encompassing schemes like cfs or something else.
As for the "wouldn't it be cool" factor... yeah, it would be cool if someone wrote it instead of speculating on how cool it would be. It'd also be cool if hard drives never failed, CDs never scratched and software bugs didn't exist.
By francisco () on http://www.blackant.net/
That sounds real nasty, so maybe you could use tar and dump, provided you pass the data through an encrypting filter before it reaches the media.
By RC () on
By pixel fairy () on http://pixel.fairyden.net
So, have a really small root partition, encrypt everything else, and keep a CD you can mount to check all files in the root partition. If the other partitions don't mount, they were tampered with.
This is something good for laptops that may be stolen or tampered with (i.e. trojaned) without the user's knowledge.
By Adrian Close () adrian@close.wattle.id.au on mailto:adrian@close.wattle.id.au
By Phoenix () phoenix@dominion.ch on mailto:phoenix@dominion.ch
In three words: because we can.
By Don't Got None () on
By Anonymous Coward () on
You have no need to encrypt your basic system. If you're paranoid you can store a set of checksums on a CD to verify that the executables haven't been compromised, but it's generally a waste of time to encrypt the contents of /usr, /bin, etc.
However, a laptop or intrinsically insecure system (e.g., in a dorm room) could decide to encrypt some partitions. /home, maybe some spool directories (e.g., protecting undelivered mail, unprinted documents, etc.), plus the swap space.
If you do it right, the part that's unencrypted could be a generic installation and everything that's encrypted could go onto a separate disk. In an insecure server environment, you could even mount the disk in one of those removable trays and lock your encrypted disk into a safe overnight. Even a student in a dorm room can get a cheap fire safe from Target and toss a disk into it when it's not in use, and that will probably provide better security than the encryption since it will be so easy for roommates and others to observe him typing it in.
(Do not underestimate this - in college, I once freaked somebody out by telling them the root password after hearing them type it once. I could figure it out from the slightly different sound of the keys and the timing of their keystrokes.)
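Both pixel fairy's "keep a CD you can mount to check all files in the root partition" and the checksums-on-a-CD suggestion above come down to the same procedure. As an added example (not code from this thread), here is a small POSIX sh manifest tool: generate the manifest once on a clean install, copy it to read-only media, and re-run the check from that media after boot. All paths and names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): a SHA-256 manifest of the unencrypted
# root partition, generated at install time, burned to read-only media and
# re-checked from that media after every boot. All paths/names are constructed.

# Use whichever SHA-256 tool is installed (OpenBSD: sha256, Linux: sha256sum).
hash_file() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# make_manifest ROOT DEST: one "<sha256> <path>" line per regular file under
# ROOT, sorted so two runs over an unchanged tree give identical manifests.
make_manifest() {
    root=$1; dest=$2
    find "$root" -type f | LC_ALL=C sort | while read -r f; do
        printf '%s %s\n' "$(hash_file "$f")" "$f"
    done > "$dest"
}

# verify_manifest ROOT MANIFEST: prints one MISSING/ADDED/CHANGED line per
# discrepancy and returns 0 only when the tree matches the manifest exactly.
# ADDED matters too: a planted binary or config leaves every old hash intact.
verify_manifest() {
    root=$1; manifest=$2
    actual=$(mktemp); expected=$(mktemp)
    find "$root" -type f | LC_ALL=C sort > "$actual"
    cut -d' ' -f2- "$manifest" | LC_ALL=C sort > "$expected"
    report=$(
        LC_ALL=C comm -23 "$expected" "$actual" | sed 's/^/MISSING /'
        LC_ALL=C comm -13 "$expected" "$actual" | sed 's/^/ADDED /'
        while read -r hash path; do
            if [ -f "$path" ] && [ "$(hash_file "$path")" != "$hash" ]; then
                echo "CHANGED $path"
            fi
        done < "$manifest"
    )
    rm -f "$actual" "$expected"
    [ -n "$report" ] && printf '%s\n' "$report"
    [ -z "$report" ]
}
```

The hashing tool itself must come from the read-only media as well, since a tampered root partition could just as easily carry a tampered sha256 binary.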
By Avery Roberts () averyroberts@hotmail.com on mailto:averyroberts@hotmail.com