Contributed by jose on from the you-can't-see-my-bits dept.
"Since there did not seem to be much info around about using encrypted virtual filesystems with OpenBSD. I started up the following... OpenBSD Encrypted Virtual Filesystem Mini-HOWTO http://www.backwatcher.org/writing/howtos/obsd-encrypted-filesystem.html Maybe someone will find something usefull in it. "Sometimes you just don't want to have anyone else see your data, and this provides a convenient way to keep it private.
(Comments are closed)
By Anonymous Coward () on
OpenBSD also has tcfs, which has been unchanged, and marked "experimental", for two years. So now OpenBSD has two not-ready-for-prime-time encrypted FSes.
To me this is a shame because OpenBSD is "encryption everywhere", high security, and top quality, and yet here we have an area where encryption isn't used in a quality way.
Even sadder, both Mandrake Linux and Windows XP ship with good, solid implementations of FS crypto. How can those two be ahead of OpenBSD in anything related to security???
Comments
By Gioffreus () on
550 5.1.1 ... User unknown
anyway, perhaps a small correction to clarify a bit better...
> Once the foregoing is done, the partition/s of the cryptfile virtual
> disk can be mounted for use like any normal filesystem. The password
> will have to be provided, of course, upon each mount attempt in order
> to successfully make the mount.
i believe this could possibly confuse someone who has never done this
before. a person *might* think mount(8) would be asking for the key
when in fact the only time "encryption key" needs to be provided is
when a person does `vnconfig -k ...' the first time AND thereafter.
for example, you can do a `umount ...' then a `mount ...' without
providing the "encryption key" again. only *after* you have done a
`vnconfig -u /dev/svnd0c' will you subsequently have to provide the
key in order to use it again.
Comments
By Gioffreus () on
should be under top level *not* in reply to: "Re: Good to see this being addressed, but..."
sorry again
call me monkey =)
By Kyle Amon () amonk@gnutec.com on http://www.gnutec.com/~amonk
point. My bad. I will clearify this point asap.
Today or tomorrow.
-- Kyle
P.S. And, actually, there is nothing really wrong
with my mail server other than the fact that I
left it half upgraded from OBSD 3.0 to 3.1 this
morning and then went to sleep. :-) I'm finishing
the upgrade now though so it will start working
again soon. Sorry.
By Anonymous Coward () on
I'd like to see Rubberhose ported to OpenBSD. There already is a port to {Net,Free}BSD. The ideas behind Rubberhose are way cool.
Comments
By Gioffreus () on
do you mean as in mount_tcfs(8) ? hmmm, i might have to give it a go...
By Anonymous Coward () on
TCFS is ok for some things, but in my mind, there is still no excuse for not being able to do mount -k.
By pixelfairy () on mailto:pixel[shitft +2] [not photoshop] org(y)