[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: crypto file system - URGENT REQUEST FOR HELP

--- "Dr. Evil" <drevil_(_at_)_sidereal_(_dot_)_kz>
> wrote:

>attackers?  A lot of good, actually... because it's pretty hard to
>break root on OpenBSD, and 99.9% of attackers who are going to steal a
>machine just steal it, without spending $1mil to instrument it first.
>So there is a real security advantage to OpenBSD having an encrypted
>FS, we just have to be clear that an encrypted FS doesn't magicly make
>the data secure.  It's just one more component to an ultimately secure
>system, which hasn't been built yet, and, at some level, can never
>really be built.  But you all knew that, didn't you?

IMHO, which may not amount to a hill of beans, if you
have data on machines that has value in excess of a
million <insert dollars, pounds, marks, etc> then I
think that your time would be better off spent in
improving your physical security rather than an
encrypted FS. Good physical security has the added
advantage of not having the possibility of corrupting
your data. In my experience, the only people who worry
about having an encrypted FS are people who worry about
Law Enforcement gaining access to their data. And as
was pointed out in Dr Evil's post, an encrypted FS does
nothing to increase the security of your boxes if it
is rooted.

If we are counting votes here, my vote is no. If some-
one wants to independently develop an encrypted FS and
have it included in the ports then I am all for it.
However, I think the less things in /src the better.

Just my 2p

Bob Dog

Visit these sites today
Blink 182 Fan Site - www.blink182.co.nz
NZ Skateboarding - www.nzskate.com

Visit your host, monkey.org