DragonFly kernel List (threaded) for 2005-03
Re: RFC: backporting GEOM to the 4.x branch
Matthew Dillon wrote:
I think there's a point where the argument becomes absurd, depending
on the actual use the encryption is put to. A cryptographer must
deal with all possibilities. The NSA might require that the data remain
secure for a hundred years, a commercial enterprise might only care about
20 years. An individual, like me, might only care that a typical hacker
can't do anything with the data. A terrorist... well, you get the idea.
Poul is clearly most interested in being able to destroy the encryption
key quickly, making all the knowledge the person controlling the data
has about passwords and such moot, and his focus is clearly not so much
on the security of the passkey or even the security of the data prior
to the destruction of the key as it is on the security of the data AFTER
the destruction of the key. That's the impression I get, anyhow.
Personally speaking I have no problem making ultra encryption available
to the general public, but I do believe (personally speaking) that the
*default* should be something slightly less secure just so criminals
and terrorists (at least the stupid ones, which is most or they wouldn't
be criminals or terrorists), don't get an automatic boost from our work.
In many ways, this reminds me of the whole debate about whether it is
more secure to use ssh or encrypted telnet using Kerberos. The reality
is that either one of them is infinitely better than what people were
using before. Ssh won this battle because it was easier to install, not
because it won on theoretical grounds (I have no idea which is
theoretically better and it usually doesn't matter).
Whether it is GBDE or CGD, the best way to rapidly spread encryption is
to add a huge button during the install from cd that says "click here to
use encrypted disk". The will quickly increase the number of people
using encrypted disks many fold in short order. Until then, it will
always be a niche feature.