[nycbug-talk] OpenBSD Crypto Disk Question
Johnny C. Lam
jlam at pkgsrc.org
Thu Jan 11 18:03:47 EST 2007
Ray Lai wrote:
> On Thu, Jan 11, 2007 at 05:26:20PM -0500, Johnny C. Lam wrote:
>> Isaac Levy wrote:
>>> I'm wondering this:
>>>
>>> Is there any reliable way to make an encrypted volume on OpenBSD on
>>> the fly? (like on FreeBSD, using disk images (file-backed memory
>>> disks).
>>>
>>> I've got a stock 4.0 install on a box, and now want to stuff some
>>> data on an encrypted volume.
>> On OpenBSD, I think this is svnd(4), which is prepared with vnconfig(8).
>> AFAIR, it does only Blowfish encryption.
>
> While having more choices would be nice, please don't read that as
> "blowfish is insecure."
I agree with Ray -- all that I'm stating is that there is only one
supported encryption method: Blowfish, not that Blowfish is insecure.
With NetBSD's cgd(4) I use Blowfish for encrypted disks on slower
machines because it's faster than using AES-128 or AES-256 (up to twice
the throughput), though on the mega-fast machines available nowadays, I
don't care so much.
Cheers,
-- Johnny Lam <jlam at pkgsrc.org>
More information about the talk
mailing list