DragonFly BSD
DragonFly kernel List (threaded) for 2005-03
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: RFC: backporting GEOM to the 4.x branch

To: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
From: Richard Coleman <rcoleman@xxxxxxxxxxxxxxxxx>
Date: Thu, 03 Mar 2005 12:50:59 -0500

Matthew Dillon wrote:
I think there's a point where the argument becomes absurd, depending on the actual use the encryption is put to. A cryptographer must deal with all possibilities. The NSA might require that the data remain
secure for a hundred years, a commercial enterprise might only care about
20 years. An individual, like me, might only care that a typical hacker
can't do anything with the data. A terrorist... well, you get the idea.

   Poul is clearly most interested in being able to destroy the encryption
   key quickly, making all the knowledge the person controlling the data
   has about passwords and such moot, and his focus is clearly not so much
   on the security of the passkey or even the security of the data prior
   to the destruction of the key as it is on the security of the data AFTER
   the destruction of the key.  That's the impression I get, anyhow.

   Personally speaking I have no problem making ultra encryption available
   to the general public, but I do believe (personally speaking) that the
   *default* should be something slightly less secure just so criminals
   and terrorists (at least the stupid ones, which is most or they wouldn't
   be criminals or terrorists), don't get an automatic boost from our work.

Matthew Dillon <dillon@xxxxxxxxxxxxx>

In many ways, this reminds me of the whole debate about whether it is more secure to use ssh or encrypted telnet using Kerberos. The reality is that either one of them is infinitely better than what people were using before. Ssh won this battle because it was easier to install, not because it won on theoretical grounds (I have no idea which is theoretically better and it usually doesn't matter).

Whether it is GBDE or CGD, the best way to rapidly spread encryption is to add a huge button during the install from cd that says "click here to use encrypted disk". The will quickly increase the number of people using encrypted disks many fold in short order. Until then, it will always be a niche feature.

Richard Coleman

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]