From mboxrd@z Thu Jan 1 00:00:00 1970
To: 9fans@cse.psu.edu
Subject: Re: [9fans] writing code
User-Agent: nmh-1.0.4 (NetBSD/alpha)
From: Roland Dowdeswell
Date: Tue, 1 Mar 2005 11:29:16 -0500
Message-Id: <20050301162916.7B6CE37015@arioch.imrryr.org>
Topicbox-Message-UUID: 1d54ccfc-ead0-11e9-9d60-3106f5b1d025

Around Fri Feb 18 14:34:48 EST 2005, Tim Newsham wrote:
> To prevent this you either need to prevent someone from booting
> (i.e. bios password and hope they don't go through the trouble
> of yanking the drive or resetting the bios) or you need to
> protect the disk (after all that's probably what they want to
> get at after they log in, not network access or the gui).
> Something like:
>
> http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
>
> would address this nicely. For those who don't want to chase
> down the paper, it's an encrypted disk format used by the
> FreeBSD group.

You might also consider CGD [which I wrote]. GBDE has a number of
serious drawbacks, namely:

	1. it can lose sectors if the machine crashes in the
	   ``middle'' of a write to a single sector,

	2. it is quite slow,

	3. it makes no attempt to frustrate dictionary attacks, and

	4. the crypto is a little dubious [and brittle].

Thanks,

--
Roland Dowdeswell
http://www.Imrryr.ORG/~elric/