[nycbug-talk] OpenBSD Crypto Disk Question

Johnny C. Lam jlam at pkgsrc.org
Thu Jan 11 18:03:47 EST 2007


Ray Lai wrote:
> On Thu, Jan 11, 2007 at 05:26:20PM -0500, Johnny C. Lam wrote:
>> Isaac Levy wrote:
>>> I'm wondering this:
>>>
>>> Is there any reliable way to make an encrypted volume on OpenBSD on  
>>> the fly?  (like on FreeBSD, using disk images (file-backed memory  
>>> disks).
>>>
>>> I've got a stock 4.0 install on a box, and now want to stuff some  
>>> data on an encrypted volume.
>> On OpenBSD, I think this is svnd(4), which is prepared with vnconfig(8). 
>>   AFAIR, it does only Blowfish encryption.
> 
> While having more choices would be nice, please don't read that as
> "blowfish is insecure."

I agree with Ray -- all that I'm stating is that there is only one 
supported encryption method: Blowfish, not that Blowfish is insecure. 
With NetBSD's cgd(4) I use Blowfish for encrypted disks on slower 
machines because it's faster than using AES-128 or AES-256 (up to twice 
the throughput), though on the mega-fast machines available nowadays, I 
don't care so much.

	Cheers,

	-- Johnny Lam <jlam at pkgsrc.org>



More information about the talk mailing list