Quoth Roland Smith on Tuesday, 18 January 2011:
> On Mon, Jan 17, 2011 at 10:05:53PM -0700, Modulok wrote:
> > On 1/17/11, Roland Smith <rsm...@xs4all.nl> wrote:
> > > On Mon, Jan 17, 2011 at 09:30:39PM +0100, Alokat wrote:
> > >> Hi,
> > >>
> > >> is it possible to encrypt my full hard drive (excluding /boot) during a
> > >> FreeBSD installation? Or do I have to do this after the installation
> > >> manually?
> > >
> > > Currently you have to do it manually afterwards.
> > >
> > > Personally, I would not bother encrypting the OS data; there is nothing
> > > secret there, and it does have a performance impact. Plus it would provide
> > > ample material for a known-plaintext attack!
> > >
> > 
> > Modern ciphers such as AES are not susceptible to known plaintext
> > attacks.
> 
> That is indeed what it says on
> http://en.wikipedia.org/wiki/Known-plaintext_attack. But without any
> source or other justification. In this case, I'd say [citation needed]!
> 
> At one time Enigma and DES were regarded as unbreakable. :-) 
> 
> Roland
> -- 
> R.F.Smith                                   http://www.xs4all.nl/~rsmith/
> [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
> pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

It seems prudent to me to reduce the attack surface to that which really
needs to be defended -- "When you defend everything, you defend nothing".
Not to mention avoiding the overhead of encrypting OS files.

What do you folks think of the relative merits of AES vs Blowfish for
disk encryption?

-- 
Sterling (Chip) Camden | sterl...@camdensoftware.com | 2048D/3A978E4F
http://chipsquips.com  | http://camdensoftware.com   | http://chipstips.com
