RFC: backporting GEOM to the 4.x branch

Bill Hacker wbh at conducive.org
Thu Mar 3 05:05:18 PST 2005


Ed wrote:

On Thursday 03 March 2005 00:05, Matthew Dillon wrote:

  Personally speaking I have no problem making ultra encryption available
  to the general public, but I do believe (personally speaking) that the
  *default* should be something slightly less secure just so criminals
  and terrorists (at least the stupid ones, which is most or they wouldn't
  be criminals or terrorists), don't get an automatic boost from our work.


"Terrorists use Linux."

That sort, as with anyone else with information to protect, do not rely 
on any 'on box' system.

- If it is 'on box' the keys, passphrases - whatever - can be sniffed / 
recorded when used.

- If encryption is not 'reversible' by the owner of the information, it 
is useless.

- The most complex and 'unbreakable' of algorithms becomes pure overhead 
when
IS-spoofing, purloining, intercepting, or 'rubber-hose' obtaining of the 
keys is / easier / faster / cheaper.

Optional userland, user-unique 'per-file' encryption is useful, not 
impregnable, but can
be at least as secure, perhaps more so, and requires nothing special of 
the fs or os.

CD/DVD-R have made 'One Time Pad' generation, exchange, storage, and use 
dead easy,
 and OTP - properly used -  still ranks very high in resistance to 
cracking.

File systems should be robust, reliable, recoverable from common faults, 
and fast.
In that order.

Anything complex embedded into the fs is a waste if a 'root' privilege 
exists.

Were it otherwise, encrypted fs would have become the rule, not the 
exception, long since.

Leave these things up to userland tools.

They wouldn't - and shouldn't - trust a 'system feature' anyway - not 
even on their own single-user box.

Bill





More information about the Kernel mailing list