cryptographic file systems (was: Re: Erase Files)



In message <http://monkey.org/openbsd/archive/misc/0309/msg00501.html>
"Dom De Vitto" <dom@DeVitto.com> wrote
> 3) I would suggest that better security could be provided by something   
> like:             
> <http://www.backwatcher.org/writing/howtos/obsd-encrypted-filesystem.html>
> 
> (unless encrypted filesystems are directly supported by OpenBSD now?)

CFS (/usr/ports/security/cfs) is an encrypting file system which
works very nicely under OpenBSD.  I've been using it since 2.8
(and for 8 years or so under SunOS before I moved to OpenBSD),
and I'm very happy with it.

CFS encrypts data before it ever goes to disk.  You can specify
encryption keys on a per-directory basis.  Combine this with OpenBSD's
swap encryption, and there shouldn't be any plaintext on disk.

ciao,

-- 
-- "Jonathan Thornburg (remove -animal to reply)" <jthorn@aei.mpg-zebra.de>
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html      
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam