RFC: backporting GEOM to the 4.x branch
wbh at conducive.org
Thu Mar 3 05:05:18 PST 2005
On Thursday 03 March 2005 00:05, Matthew Dillon wrote:
Personally speaking I have no problem making ultra encryption available
to the general public, but I do believe (personally speaking) that the
*default* should be something slightly less secure just so criminals
and terrorists (at least the stupid ones, which is most or they wouldn't
be criminals or terrorists), don't get an automatic boost from our work.
"Terrorists use Linux."
That sort, as with anyone else with information to protect, do not rely
on any 'on box' system.
- If it is 'on box' the keys, passphrases - whatever - can be sniffed /
recorded when used.
- If encryption is not 'reversible' by the owner of the information, it
- The most complex and 'unbreakable' of algorithms becomes pure overhead
IS-spoofing, purloining, intercepting, or 'rubber-hose' obtaining of the
keys is / easier / faster / cheaper.
Optional userland, user-unique 'per-file' encryption is useful, not
impregnable, but can
be at least as secure, perhaps more so, and requires nothing special of
the fs or os.
CD/DVD-R have made 'One Time Pad' generation, exchange, storage, and use
and OTP - properly used - still ranks very high in resistance to
File systems should be robust, reliable, recoverable from common faults,
In that order.
Anything complex embedded into the fs is a waste if a 'root' privilege
Were it otherwise, encrypted fs would have become the rule, not the
exception, long since.
Leave these things up to userland tools.
They wouldn't - and shouldn't - trust a 'system feature' anyway - not
even on their own single-user box.
More information about the Kernel