[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
cryptographic file systems (was: Re: Erase Files)
In message <http://monkey.org/openbsd/archive/misc/0309/msg00501.html>
"Dom De Vitto" <dom@DeVitto.com> wrote
> 3) I would suggest that better security could be provided by something
> (unless encrypted filesystems are directly support by OpenBSD now?)
CFS (/usr/ports/security/cfs) is an encrypting file system which
works very nicely under OpenBSD. I've been using it since 2.8
(and for 8 years or so under SunOS before I moved to OpenBSD),
and I'm very happy with it.
CFS encrypts data before it ever goes to disk. You can specify
encryption keys on a per-directory basis. Combine this with OpenBSD's
swap encryption, and there shouldn't be any plaintext on disk.
-- "Jonathan Thornburg (remove -animal to reply)" <email@example.com>
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html
"Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
-- quote by Freire / poster by Oxfam