On Tue, 23 Oct 2001, Bill Stewart wrote:

> At 01:38 PM 10/23/2001 +1000, zem wrote:
> >On 23 Oct 2001, Dr. Evil wrote:
> >
> > vnconfig -ck svnd0 diskimage
>
> I don't have a BSD system around to check -
> what does this approach do?

Create a loopback device. "-k" means encrypt - cipher is blowfish, there's no way to change it. After vnconfig, /dev/svnd0 becomes a block device; use newfs and mount as with any partition. Here's the man page:

http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig

> Is Dr. Evil's concern with loopback just the speed?
> (Plus the ugly minimal user interface, which is a job for a script.)
> Machines are enough faster these days that I'd think the
> only places that's a big hit, other than database apps,
> are swap space, and you can mostly fix that by buying enough RAM.

The performance hit is acceptable, it's much faster than CFS. OpenBSD's encrypted swap uses the same mechanism.

> >It's worth noting their primary goal is network security, not crypto.
> >Rubber hoses don't factor significantly in their threat model.
>
> Laptop theft belongs in *most* security models.

Agreed.

--
mailto:[EMAIL PROTECTED] F289 2BDB 1DA0 F4C4 DC87 EC36 B2E3 4E75 C853 FD93
http://zem.squidly.org/
"I'm invisible, I'm invisible, I'm invisible.."