From mboxrd@z Thu Jan  1 00:00:00 1970
To: 9fans@cse.psu.edu
Subject: Re: [9fans] writing code
User-Agent: nmh-1.0.4 (NetBSD/alpha)
From: Roland Dowdeswell <elric@imrryr.org>
Date: Tue,  1 Mar 2005 11:29:16 -0500
Message-Id: <20050301162916.7B6CE37015@arioch.imrryr.org>
Topicbox-Message-UUID: 1d54ccfc-ead0-11e9-9d60-3106f5b1d025

Around Fri Feb 18 14:34:48 EST 2005, Tim Newsham wrote:
> To prevent this you either need to prevent someone from booting
> (ie. bios password and hope they dont go through the trouble
> of yanking the drive or resetting the bios) or you need to
> protect the disk (after all thats probably what they want to
> get at after they log in, not network access or the gui).
> Something like:
>
>	http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
>
> would address this nicely.  For those who don't want to chase
> down the paper, it's an encrypted disk format used by the
> FreeBSD group.

You might also consider CGD [which I wrote].  GBDE has a number of
serious drawbacks, namely:

	1.  it can lose sectors if the machine crashes in the ``middle''
	    of a write to a single sector,
	2.  it is quite slow,
	3.  it makes no attempt to frustrate dictionary attacks, and
	4.  the crypto is a little dubious [and brittle].

Thanks,

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/