Contributed by jose on from the privacy dept.
"OpenBSD has the mantra of "crypto everywhere". This includes the network, the swap space, everywhere... except for the filesystem itself! Let's face it, physical security of servers is not always what it should be, and sometimes the costs of fixing physical security problems are out of budget. Encrypted filesystems would add a tremendous layer of safety. If the box is stolen, it would be impossible to recover useful data from it, unless somehow it is stolen with the UPS attached."
"Unfortunately, OpenBSD's FS doesn't have good built-in crypto filesystem support. Loopback is an option, but not something you would want to use in a production system with important data on it.I had a look at mount_tcfs(8) , but it said it was for developers only. We covered vnconfig recently, but that seemed to have some limitations which leaft it unsuitable for general use. Anything else out there?
So, is there any hope for solid crypto FS support in future versions of OpenBSD? Or should the mantra change to "crypto almost everywhere"? Suse and Mandrake Linux both have it, and Windows XP even has it. Will OpenBSD get on the crypto bandwagon? One possible way this could happen is if ReiserFS is ever ported to OpenBSD.
Thanks for any comments on this."
(Comments are closed)