Displaying 20 results from an estimated 1000 matches similar to: "Which AES to use?"
2006 Jan 28
1
Should I use gbde or geli?
Hello out there, everybody!
I was actually expecting to find several (hundred) threads with this
subject being discussed. To my surprise I didn't find a single one
either on these mailing lists or in the newsgroups - at least not in a
language I understand. :-)
I realize that gbde and geli are not designed to be better than the
other but that both fit different needs and different tastes.
2005 Dec 11
1
geli or gbde encryption of slices
Hello,
I was playing around with geli an gbde after last EuroBSDCon.
I liked the idea of encrypting my data which resides in /home/$user.
Since this is a "single" user laptop i intended to encrypt the
whole /home partition. Well no problems with that. But i wanted
the lockfile or keyfile on a seperate usb disc. Which would be
mounted or used during boot of the system. I also used
2006 Sep 06
2
Getting GELI Keys from Floppy
Hello,
i want to encrypt my HDD's with GELI (not the root-fs, though). I want
to do the encryption without password, just with a key. The key should
be stored in a floppy disk, and the read should be read automatically
on boot, from the floppy.
There is a problem here, because GELI initializes _before_ mounting
the disks from /etc/fstab (for obvious reasons, of course). So GELI is
not able
2013 Jul 22
3
zpool on a zvol inside zpool
Hi.
I'm moving some of my geli installation to a new machine. On an old
machine it was running UFS. I use ZFS on a new machine, but I don't have
an encrypted main pool (and I don't want to), so I'm kinda considering a
way where I will make a zpool on a zvol encrypted by geli. Would it be
completely insane (should I use UFS instead ?) or would it be still
valid ?
Thanks.
Eugene.
2008 Feb 06
3
Reconstruct disklabel for UFS and GELI volumes
Hi,
Somehow[TM] an installation of 4.11 to ad0s3 managed to wipe out my
existing disklabel for 7.0 on ad0s4. I now need to recover the
disklabel to get my system to boot!
There were three labels
- ad0s4a: UFS, exact size unknown. Is it possible to infer this from
the UFS partition size? I can mount this already, as I simply wrote an
'a' label of maximum size to the disklabel
- ad0s4b:
2006 Jan 22
3
Encrypted volume - how?
Hi all,
I'm looking for a way to recreate the functionality of PGP Disk (under
Win32). Basically, create an encrypted file, which contains a filesystem
which can then be mounted in any mount point.
I know I can use GELI in FreeBSD 6 - as I understand, it performs the
encryption at the partition level (the whole partition is encrypted).
I'd like to be able to simply unmount my
2012 Jun 13
1
kern/157863: [geli] kbdmux prevents geli passwords from being entered properly on boot
Hello,
Just to let everyone know that this is still an issue.
I am trying to install FreeBSD 9.0 amd64 on a Lenovo X121e and I
can't get it to accept the geli passphrase during boot. I've confirmed
using kern.geom.eli.visible_passphrase=1 that the passphrase is
correct, and the same passphrase is accepted when the system is
booted up.
I've tried disabling kbdmux in
2008 Sep 30
5
GELI partition mount on boot fails after 7.0 -> 7.1-PRERELEASE upgrade
I was using a GELI partition for /usr/home on 7.0, so it attaches and mounts
on boot. The problem is it stopped working after the system was upgraded to
RELENG_7/7.1-PRERELEASE. Here's how it goes:
I have the following /etc/fstab:
/dev/ad0s1b none swap sw 0 0
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1d
2008 Mar 17
1
hifn(4) causing system lockup
Hi all,
can someone comment on the state of the hifn(4) driver?
I've recently upgraded my 6.2-STABLE workstation to RELENG_7,
and I'm now experiencing system lockups that seem to be caused
by the hifn(4) driver.
I've got a Soekris vpn1401 card to help with GELI disk en-
cryption. Reading from a GELI volume is causing the system to
freeze completely, which does not happen if
2012 Apr 16
2
Any options on crypt+zfs ?
hail,
I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to
test and study if I can make my home server this box and this way. It will be a simple server,
three users tops.
I followed the handbook and made the geli step on the disks:
Geom name: label/zfs1.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Crypto: software
UsedKey: 0
Flags:
2008 May 18
2
Vulnerability with compromised geli credentials?
I'm not really a developer, but was considering if there is a key
vulnerability in geli given that when you change a key there isn't a disk
update.
Consider the scenario where a new file system is created and populated
with some files. At a later time the original key is changed because
someone has gained access to the key and passphrase. A new key is
generated and attached, but none of
2008 Aug 05
1
Stuck in geli
Rarely, a geli partition I have freezes a process in bufwait state. It
occurs after an ATA timeout message:
Aug 5 03:47:13 thor kernel: ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=219028637
The geli partition resides on an Intel MatrixRAID RAID1 mirror using the
ICH9R chipset (Asus P5K-E/WIFI). Killing (even -9) the process does not
work. Rebooting is the only solution, yet the
2009 Jan 15
2
zfs drive keeps failing between export and import
I have a zpool that consists for a two-drive mirror. The two times I
took the zpool offline, I had to resilver one of the drives (the same
drive both times) when I imported it back. All drives in the pool
show no read, write, or checksum errors and are new, so I'm looking to
a software problem before hardware. Both drives are encrypted geli
devices. I tried to reproduce the error with 1GB
2006 Feb 20
1
GELI slice encryption
Hello.
I have been investigating a 'secure' Firefox solution. The cache,
history and other files are kept on an encrypted slice and swap
is encrypted also.
The problem I am having is that I know the shell commands required
to unmount /tmp, create providers with GELI with one-time keys,
remount /tmp, activate swap etc. but I don't know the correct way
to get this done automatically on
2015 Feb 07
3
TLS config check
Am 07.02.2015 um 04:47 schrieb Reindl Harald:
>
> Am 06.02.2015 um 23:13 schrieb SW:
>> According to https://cipherli.st/
>>> ssl = yes
>>> ssl_cert = </etc/dovecot.cert
>>> ssl_key = </etc/dovecot.key
>>> ssl_protocols = !SSLv2 !SSLv3
>>> ssl_cipher_list = AES128+EECDH:AES128+EDH
>>> ssl_prefer_server_ciphers = yes #
2008 Apr 30
2
Empty Set In a Set
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear List:
I'm looking for a form of the empty set such that if ES is said
representation,
~ ES %in% c(1,2,3)
evaluates to TRUE.
Thank you in advance for your assistance.
Sincerely,
Jason Q. McClintic
- --
Jason Q McClintic
UST MB 1945
2115 Summit Avenue
St. Paul, MN 55105
jqmcclintic at stthomas.edu
mccl0219 at tc.umn.edu
"It is
2017 Sep 18
1
Samba shows error NT Status: STATUS_OBJECT_NAME_NOT_FOUND when copying 10GB file using robocopy when ecryptfs file system shared using samba
Hi ,
I shared linux directory which is mounted using ecryptfs to a windows 10 client using samba share . When i do a robocopy of file greater than size of 7GB the samba throws an error NT Status: STATUS_OBJECT_NAME_NOT_FOUND which can be observed in wire shark .
Setup :
----------
Host with ubuntu 16.01 -------------------> windows 10 client
(Samba
2005 May 10
1
public-key ?
Hi,
I'm not a crypto expert, so after reading this interview with Bruce Schneier
( http://www.securityfocus.com/columnists/324 ) I'm wondering if OpenSSH has
the same problem he talks about, that is one public-key algorithm.
Doesn't OpenSSH use RSA, DSA, and DH ?
Also, is there any plan to include those new NSA standards based on ECC ?
2006 Nov 06
1
pptp, ipsec and vpn
Hi All,
This is a general VPN question;
PPTP VPNs seem to be very easy to set up with CentOS as the VPN server
and the built-in windose client, but how do list members feel about the
security vunerabilities reported with the MS implementation?
Specifically the 6 problems reported here :
http://www.schneier.com/pptp-faq.html
or maybe im being paranoid?
Would any of you roll this solution out
2006 Jun 09
0
Data authentication for geli(8) committed to HEAD.
Hi.
geli(8) from FreeBSD-CURRENT is now able to perform data integrity
verification (data authentication) using one of the following
algorithms:
- HMAC/MD5
- HMAC/SHA1
- HMAC/RIPEMD160
- HMAC/SHA256
- HMAC/SHA384
- HMAC/SHA512
One of the main design goals was to make it reliable and resistant to
power failures or system crashes. This was very important to commit both
data update and HMAC