Alfred Hegemeier wrote this message on Thu, Feb 19, 2015 at 12:50 +0000:
> just encrypt the whole hard drive with Geli.
> That's the only protection I see: everything passing through the controllers
> is encrypted - unless keyloggers are installed, which you best protect
> against completely firewalling the "core" system, andhaving jails to access
> the outer world.
> PCbsd already dumped complete auto hard drive encryption in their latest
> products - the automatic full HD encr was dumped when the Snowden stuff was
> revealed, I think with 10 release.So, I guess, they know why they removed it
> - makes it to secure.
>
> Which brings up an important question: how 'safe' is the encryption Geli,
> i.e. how can we know that developers are not on any agencies pay list ?Does
> that make senseĀ what I am writing in your opinion ?
Having working on the AES-XTS code, and looked at the geli code to make
it go faster, it's good code.. I don't see any major issues w/ it
besides what is well know w/ using the various modes...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
