Slashdot Mirror
NetBSD's Crypto-Graphic Disk
An anonymous reader writes "Security-minded laptop users live in fear of theft, not only of their computer but also of their precious secret data. NetBSD's CGD project is a cryptographic virtual disk that can protect sensitive data while acting like a normal filesystem. Recently its author, Roland Dowdeswell, was interviewed and provided a lot of details, and made a comparison with Linux's Loop-AES, FreeBSD's GBDE, OpenBSD's svnd.
This is a must-read for any laptop owner (and paranoid androids)!"
So the CGD disk is an encrypted pseudo disk driver. It sits on top of another partition and acts as a new virtual disk to the rest of the operating system. But what of those of us that have to use windows, or Mac OS X? This seems like it's only compatible with *nix OSes.
The theory of relativity doesn't work right in Arkansas.
Why do you think that Marvin's brain was running NetBSD? Otherwise, what use could he make of a laptop, with his "brain the size of a planet" ?
This is interesting and all, but this isn't exactly a ground-breaking news item.
PGP lets you do this on various platforms.
As a matter of fact, this is how I manage personal info on my OS X Macintosh. I create an strong-encrypted virtual disk image with banking, internet login, software key, and (un)related information. When I need something I mount it and when I'm done I umount it and it's nice and safe (as long as I never tell Keychain to remember the password).
You can do this on a vanilla OS X install with Disk Utility.
ffakr
I'm not feeling witty so bite me
This is a great idea, honestly... but who runs NetBSD on their laptops? I'd posit that it's a relatively low amount of folks. So while this is cool, until the code migrates to a better known F/OSS OS it isn't much use in the real world.
If thou see a fair woman pay court to her, for thus thou wilt obtain love
What happens if cdgconfig file is lost or damaged?
If you lose the cdgconfig file, is your data irrecoverable?
When it overwrites data, is it truly unreadable?
How taxing is this system, how long does it take to execute?
What happens when you lose your PW?
Are there knowledgable people in the same continent that can provide support for this?
He who knows best knows how little he knows. - Thomas Jefferson
This appears to be the same as linux's cryptoloop (loop-aes, etc), or am I missing something?
It's nothing really special, until it's implemented so laptop users can easily set up an encrypted root filesystem and be able to boot into it easily.
If it acts like a normal filesystem, that means that nothing special needs to be done to access it, provided you have an account with rights to use that filesystem (I'm assuming it needn't be root). So what if the person stealing your laptop gets a hold of your password? How does it become any more secure?
In retrospect, most BSD users probably don't keep their passwords on a sticky note inside their laptop like some Windows users I know...
TrueCrypt is disk encryption software for Windows XP/2000/2003 and Linux. Version 4.1 was released last month. It seems to have been designed by people who are VERY serious about encryption. For example, TrueCrypt "provides two levels of plausible deniability".
if you remember to encrypt any partitions that temporary data might possibly reside on... cos it would be awfully silly to protect your home partition and forget /var or /tmp or the swap... why not be completely paranoid and encrypt the the volatile "partition" that gets created in memory
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
It seems this AC has made a convincing argument for using XP as opposed to FreeBSD. Since I don't really know anything about FreeBSD, could some expert please offer a rebuttal of this AC's arguments? I know it seems like feeding the trolls, but I never see any real answer to any of these issues.
Windows?
From the summary: "Security-minded laptop users live in fear of theft"
Nice blanket generalization there. I'm security minded, use two laptops, and I don't live in fear. I mitigate risks. I use caution, but I don't live out my life in a state of fear, as your cliche ridden statement says.
Karma be damned, but I'm sick of people who use phrases without thinking what they actually mean.
Bestcrypt is probably only solution supporting Linux AND Windows. Windows version is a shareware, but Linux version is a free (as a beer).
So the CGD disk is an encrypted pseudo disk driver. It sits on top of another partition and acts as a new virtual disk to the rest of the operating system. But what of those of us that have to use windows, or Mac OS X? This seems like it's only compatible with *nix OSes.
/Applications/Utilities/Disk Utility.app, select File->New->Blank Disk Image... Once created this can be accessed by double clicking it and feeding it the password.
OS.X ships with something called Filevaut, accessable from 'System Preferences'. Filevault migrates your home directory onto an encrypted image using a 128-bit AES key which, AFAIK is pretty secure, at least the NSA sponsored OS.X security guide I read recently recommended using it. This image gets mounted onto your Home directory when you log in and cannot be accessed unless you either know the login password or somehow manage to crack the encryption on the image file. This is useful for mobile professionals and the on the fly encryption works surprisingly well unless you are working with say, Photoshop files that weigh in in the hundreds of megabytes. For day to day stuff this works quite well. Just for example, I keep my iTunes collection on a filevault image and it does not seem to kill performance even with resource hogs like MS Word and Excel running.
If you only want a small secure area rather than encrypting the entire Home directory like you do with Filevault you can also create stand alone *.dmg images with the 'Disk Utility'. These have the same 128-bit AES encryption as Filevault. Fire up
Only to idiots, are orders laws.
-- Henning von Tresckow
I for one welcome our paranoid android overlords!
In Soviet Russia, paranoid of androids is you!
I'm a paranoid android, you insensitive clod!
Imagine a beowulf cluster of paranoid androids!
Yup, that was pretty awful.
It's called FileVault. Just go to one's system preferences, select FileVault, set the password and bingo!
In Amsterdam is smells like weed... I can tell... ;)
'Last Kiss' isn't a Pearl Jam song. It was written by Wayne Cochran, and I think it was first recorded by J. Frank Wilson & The Cavaliers.
Who is "AC"? Arguments and opinions are just like assholes, everybody has one. Install FreeBSD on a spare box and play with it for a while if you want to know something about FreeBSD.
Actually... *BSD ain't so bad. I am sure this guy just pulled some sh*t out of his ass.
Here is some information about FreeBSD if you are interested.
I don't know about BSD, but with Windows there is always the danger that the OS itself or other programs are making copies of data and filenames and storing them in the registery, .ini files or a thousand other possible places which may not be encrypted. Encrypting the entire OS from boot on up seems like the only genuinely secure way to prevent this problem.
You can setup encryption for any homefolder in Xandros right from the user admin section of Control Ceenter. It uses keyfiles and supports the algorithms you listed plus about six others.
NetBSD will be exhibit at SCALE 4x
Actually, no BSD's have /proc. BSD's use sysctl. Linux uses /proc.
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
Under Windows, you can use Private Disk (AES 256-bit, with certification from NIST; use multiple encrypted drives simultaneously), it comes with a lot of features, my favourite one being 'Disk Firewall'. This is an application-level filter that doesn't exist in programs like TrueCrypt or BestCrypt, etc. This thing allows you to control which application can access the drive, while the others (i.e. viruses, spyware and other #^!#$^!ware) are rejected.
The program runs off removable drives too (there are certain particularities.. but once you know what you're doing, it works).
The saddest poem
Try these
:-)
Private Disk (lots of features, highly customizeable)
Private Disk Multifactor (Comes with biometry and smart card authentication)
Private Disk Light (this is the free version)
I wrote about these tools in an earlier post. I am very satisfied with this thing, bought it for half the price - student discount
The saddest poem
Reading the first few lines of the interview I get the impression it does almost the exactly the same stuff dm-crypt does, which has been in Linux stable for over a year now.
Have a look at http://luks.endorphin.org/
In my opinion, there has been some excellent work been done.
Is it possible to encrypt your entire system
or anything except the boot partition since i dont think
the boot loaders support crypto yet
Can someone spread some light on this
It's possible you know about cryptography, but you don't seem to know much about networking... how exactly do we check your ip address?
That said, I don't know anything about CBC and I expect your point is 100% correct. It's just painful to see such a statement from someone purporting to inform me about computer related information.
I use loop-aes when I want an encrypted drive. Setting it up the first time sure is a pain, though.
In fact the real beauty of this solution is that it can be set up to replace the standard windows login with one which uses the TPM, and can then 'unlock' as much or as little of your other TPM secured data as you like. My only complaint is that the password manager doesn't work w/ Firefox/Thunderbird, so I can't have TRUE single sign-on. But if I were to just use IE, it would be.
I have been burned many times in the past by development filesystems, and drivers. It sounds like a great idea, but I am going to wait quite some time before I trust my data with it.
SuSE supports encrypted disks without the use of the commandline. Does anyone have any comment as to the security or the recoverability of the SuSE system?
Windows has the Encrypted Filesystem built into NTFS.
p pro/deploy/cryptfs.mspx
http://www.microsoft.com/technet/prodtechnol/winx
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
Does someone know if openbsd still uses encypted file systems by default? Is this basicly something like that but for netbsd?
It's interesting to see xxxBSD user/developer comparing "just written" software for BSD with ancient versions of Linux counterparts and (surprisingly) finding xxxBSD version to be better. My point being: dm-crypt.
If you are interested in Linux 2.6 encrypted partition, use dm-crypt together with cryptsetup tool. It's much safer than AES loop and:
OK, I'm tired, go read the links and you'll be much wiser and better informed than after reading TFA ;)
Robert
Bastard Operator From 193.219.28.162
This has all the hallmarks of a known troll. In fact, it has appeared as this post before. Silly person with nothing better to do.
He seems to have a relevant worry about the lack of atomicity when writing to a GBDE encrypted device. However he fails to notice that this happens only because GBDE has addressed a problem which every other disk encryption seems to have ignored. You get certain security advantages from probabilistic encryption. But probabilistic encryption implies the encrypted version must be slightly larger than the clear text.
More than once has the use of deterministic encryptions lead to weaknesses in disk encryptions. And often the workarounds require additional CPU power. And even the most careful deterministic encryption can never be as secure as a probabilistic encryption.
GBDE does have probabilistic encryption. This also means that obviously an update requires more than one physical write. Though this could be done securely, the way it is done in GBDE seems to give a risk of data loss/corruption. Some kind of journaling could have solved the problem. Having journaling both in the encryption and in the file system seems to be overkill (and clearly hurts performance), but integrating the two without compromising security is nontrivial. I'd like to see some more research in this area.
From my description it may sound like from a cryptographic viewpoint GBDE is the best designed disk encryption in existence. Unfortunately it isn't so. It did get some things right, but it seems to be mostly by luck. GBDE uses different pseudo random keys for each sector, however rather than using a standard PRNG, PHK decided to invent his own known as the Cherry Picker. Unfortunately there is a weakness in this generator as the output is not uniformly random.
To the best of my knowledge GBDE is currently the only disk encryption making use of probabilistic encryption, and none of the disk encryptions in existence make a serious effort at guaranteeing integrity (also known as security against an active adversary).
Do you care about the security of your wireless mouse?
Learn the CLI....It is SO worth it!
The good thing is that free software never really dies. It may be frozen but it is still there for everyone and if someone wants to pick it, (s)he is free to do so.
Pupeno
Okay, I RTFA, and still don't see why there is a hyphen in "crypto-graphic" here. I thought perhaps it was some cute way to use a graphics card to do the the encoding, but I think it's (don't laugh) a typo. Please correct me if I'm wrong.
I've only just begun using TrueCrypt, but my experience, also, is that it just works, also. I like making and maintaining a container, which can be moved to a thumb (flash memory) drive for traveling.
I like the command line options of TrueCrypt.
Most importantly:
1) Reading the web site and documentation gives me the impression the developers know what they are doing. I like it that, in the comments above, the developers are criticized for an incorrect statement about block chaining, and the error was corrected immediately.
When I read the web sites and documentation of commercial encryption products, so much is written by bored marketing people that I fear that the company is controlled by someone who majored in English Literature. (Nothing against majoring in Eng. Lit., but such people should not have control over products that require advanced understanding of technology.)
2) To me, it is absolutely necessary that any encryption software I use be Open Source. I fear that a rogue employee or a an owner of a commercial encryption software company would put in a back door, or would introduce a weakness.
The U.S. government has decided that it can secretly force companies to help in surveillance. This means that commercial companies cannot be trusted. (The drawbacks of secret action are called "Blowback" by some in the U.S. government. Blowback is not seen as a bad thing, because if decreases the political stability in the world, which means that employees of U.S. government secret agencies will get raises and promotions.)
For conventional encryption, like sending encrypted files automatically to a private FTP site for safe offline storage, I use Gnu Privacy Guard. Also Open Source, of course.
"... how exactly do we check your ip address?"
When I read that, I assumed he meant that a Slashdot editor could check his IP address.
I know that Slashdot editors sometimes read the stories they post, because, when I criticize the Bush administration, sometimes I am moderated down multiple points, without the moderation appearing in the karma points summary at the end of the comment. In the middle of the night, while Slashdot editors are presumably sleeping, people in other countries moderate the comment to +5. The comment is then bulk moderated down when it is morning in the United States. Just guessing, but it is plausible.
This comment may seem a little off topic, other than being an answer to an on topic thread, but it is relevant because encryption like that provided by TrueCrypt is more necessary in times of political instability and government corruption.
This is one example of how a F/OSS _becomes_ more popular. Don't count a runner out of a race which never ends.
Cross Crypt - Open Source AES and TwoFish Linux compatible on the fly encryption for Windows XP and Windows 2000.
It uses the excellent Filedisk to appear as a volume in Explorer.
It's GPL, sorry to restate that, but I dunno if you read the headline fully or not.
[% slash_sig_val.text %]
Hey -- I'm no crypto, OS or FS guru, how does this compare/differ from Apple's FileFault which provides on the fly encrypt/decrypt of user files? Being an Apple user, I have yet to use the FileVault utility, but it does look enticing, just that encrypting files on my workstation doesn't seem worth the *anticipated* performance hit.
Perhaps this might be yet another *BSD project that Apple could benefit from ala Konqueror. Or not.
"... you are probably just another liar."
Ahhh, the civilized and polite interaction for which Slashdot is famous.
Thankyou for making me skim through your cruft--flames of the BSD's--rather than discussing the article at hand. Lets talk about the article in the stead of opinions and unreliable and misleading surveys, shall we?
I'd like to point out that the article notes that OpenBSD's svnd does not provide salting of the password, thus leaving it more open to dictionary attacks. Rather, Blowfish is NOT fast when changing keys. Blowfish is much slower than almost all block ciphers when computing a new key. Blowfish, especially the version found in OpenBSD, has a slow key schedule, which does make it resistent to dictionary attacks by requiring lots of computation.
Facts.
the parent is a troll and an idiot, but you seem to be genuinely asking, so i'll take the time to answer.
GUI quality: The troll gives no indication of what or how he's measuring. it's difficult to deny that MS's GUIs are more polished, but there are numerous inconstancies. GUIs available on unix systems, including FreeBSD, tend to be more configurable. i'm inclined to agree that traditional X11-based GUIs are behind that of Windows, but that's a far cry from FreeBSD not having one, as the troll claims. also, OS X is widely agreed to be easier to use than Windows' and is unquestionably more technically advanced (we'll see what Vista brings).
Support: The troll's claims that Microsoft is "the world's most trusted software company" is simply laughable. major failures in security and stability in Microsoft products are legendary; their reputation for quality is thoroughly mediocre. they are, however, quite large and do stand behind their products (such as they are) for defined periods of time, which has a certain level of comfort associated with it. FreeBSD, on the other hand, has much higher initial quality and also has commercial support available from various sources. the open source nature of FreeBSD and the vibrant community existing around it also means particularly obscure problems are more addressable than they are in Windows, where you're left waiting for Microsoft to release a patch. again, there are trade offs to be made, but i think FreeBSD is a clear winner here.
Cost and convenience: It is undeniable that having the system pre-installed is a huge win for convenience. but the troll goes way off-track from there. first, XP is available pre-installed, but for how many architectures, maybe two (x86 and itanium)? FreeBSD is available on about a half dozen (NetBSD, incidentally, is available on dozens); this is particularly important in the sever and appliance realms, which are FreeBSD's primary target spaces. FreeBSD is available pre-installed at least on server equipment (i don't know of anyone who does workstations/laptops). the troll claims that XP is free, which is flatly false: the cost is bundled in the cost of the hardware. the troll is also implicitly defining terms like "every major manufacturer" to be only ones he cares about: get me an XP system from Sun or Apple, for example.
Stability/scalability:Again, the troll gives no measurements. at a minimum, XP has a reputation for being unreliable. in my experience at work, XP is a step down in stability and reliability from 2000, although both of these are still leaps ahead of any Microsoft system predating that (except probably DOS, which was highly stable by virtue of being so tremendously simple). DoS-style attacks which bring down the system remain common against XP and virtually unheard of against FreeBSD. FreeBSD is highly stable. the standard edition of XP also scales to 2 processors; special versions are available to get it up to higher number, but still pretty modest number of processors (i think it was 16, but i don't remember). i'm not sure specifically what SMP problems the troll is talking about (again, no specifics), but i've personally run FreeBSD on dual-processor SMB systems without issue and other BSDs on systems much, much larger than any Microsoft product has any hope of touching. for reference, note that BSD-based systems hold many places in the Top 500 supercomputer list, including several in the top 20; Windows can't hope to touch that level of performance.
Software availability: No, troll, not everyone uses it. but yes, it does have more software. for that reason, when i was Director of IT for our company, we continued to by Windows boxes; our accounting package wasn't available on any other platform. but this very much depends what you need. FreeBSD certainly runs a far cry more than vi. most things that'll run on other open-source systems like Linux,
i speak for myself and those who like what i say.
If you look at its history they are just within the last few months starting to get their shit together. The beginning of the project was controversial and for the first few versions there was no solid group running it. They also btw just recovered from a major flaw in their deniability scheme.
By all accounts it appears to be shaping up into a solid project, but IMHO you wouldn't be acting too conservatively if you waited another year to look into their project. A project that starts out with disputed code, then has no formal website, and then finally has one of their major features coded incorrectly, seems to be growing through some serious growing pains to put it mildy.
And THAT is why you don't every crypto expert out there applauding Truecrypt yet. Like I said the problems seem to be a thing of the past, but for anything but home use I'd wait another year or so to make sure they are on the right track and the project won't fizzle out have more organizational problems.
Seagate has announced a laptop disk that does full disc encryption in hardware, without slowing down disc I/O at all. Seems like that makes software solutions (which are subject to reverse engineering, etc.) decidedly inferior.
... an idea, the fugitive fermentation of an individual brain ... -- T. Jefferson
I guess you missed the part where he said he used Disk Utility. PGP Disk wasn't mentioned. Who's stupid now?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Many good reasons.
[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD]
When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project.
Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it.
FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile.
It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics.
So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project.
Discussion
I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly.
From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished.
There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want.
Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress.
Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers?
Shouts
To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad.
To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. I
Thanks to the poster above who pointed this out to me...
:) The write operations took a lot of CPU cycles in kjournald (I'm using ext3 so you may get better speeds with other filesystems).
I am using dm-crypt on top of a level 5, 3 disk SATA raid.
The system just used a normal aes.ko module so I decided to try the aes-i586.ko module (the server is a Athlon XP 2400+ with 512 MB RAM).
Here are my results:
Control Read test file (non-crypted)...
1) 0.01user 1.43system 0:17.99elapsed 8%CPU
2) 0.03user 1.43system 0:18.07elapsed 8%CPU
3) 0.03user 1.43system 0:17.94elapsed 8%CPU
AES
===
Write test file....
1) 0.05user 4.99system 0:53.26elapsed 9%CPU
2) 0.05user 4.88system 0:52.85elapsed 9%CPU
3) 0.06user 4.87system 0:50.14elapsed 9%CPU
Read test file....
1) 0.03user 2.00system 0:36.44elapsed 5%CPU
2) 0.03user 1.97system 0:36.99elapsed 5%CPU
3) 0.03user 1.94system 0:35.55elapsed 5%CPU
AES-i586
========
Write test file....
1) 0.06user 4.65system 0:42.12elapsed 11%CPU
2) 0.03user 4.90system 0:40.38elapsed 12%CPU
3) 0.04user 4.77system 0:42.02elapsed 11%CPU
Read test file....
1) 0.03user 1.87system 0:22.22elapsed 8%CPU
2) 0.04user 1.91system 0:21.80elapsed 8%CPU
3) 0.02user 1.90system 0:22.00elapsed 8%CPU
As you can see the results with aes-i586 are significantly better
Does anyone know of any reason not to use aes-i586.ko?? I assume they are exactly equiv?
Anyways, I've added the line:
alias aes aes-i586
to my modprobe.conf.
Cheers for the advice.
Cgd is several years old, its not new at all.
What happens when the disk drive dies?
The answer is the same as for your questions, you restore the backup that you've been told countless times to make. You do have one, right?
Would this be easily ported to other BSDs, Linux, or even Windows?
FPFPFPFPFPFP YOUR MOM STANDS FOR FP haha suck you you fisherole cassiorole BAHAHA lololollmaolmaoroflmaoqzx spam tastes NICE!The omnipotence paradox is a paradox arising from the attempt to apply logic to the notion of an omnipotent being. It appears when one asks whether or not an omnipotent being is able to perform actions that would limit its own omnipotence, thus becoming non-omnipotent. Some philosophers see it as proof of the impossibility of the existence of any such entity; others assert that the paradox arises from a misunderstanding or mischaracterization of the concept of omnipotence. In addition, several philosophers have considered the assumption that a being is either omnipotent or non-omnipotent to be a false dilemma, as it ignores the possibility of varying degrees of omnipotence (Haeckel).
The paradox is often based on the God of the Abrahamic religions, though this is not a requirement. Since the Middle Ages, philosophers have phrased the paradox in many ways, of which the classic example is, "Could an omnipotent being create a stone so heavy that even that being could not lift it?" This particular statement has subtle flaws (discussed below), but as the most famous version, it still serves adequately for illustrating the different ways the paradox has been analyzed.
In order to analyse the omnipotence paradox in a rigorous way, one must first establish the precise definition of omnipotence. The definition of omnipotence varies amongst cultures and religions, and from one philosopher to another. A common definition is "all-powerful", but that is insufficient for the omnipotence paradox. This paradox cannot be formulated, for example, if one defines omnipotence as the ability to operate outside the constraints of any logical framework. Modern approaches to the problem have involved the study of semantics, debating whether language--and therefore philosophy--can meaningfully address the concept of omnipotence itself.Philosophical responses
A common example of the omnipotence paradox is expressed in the question, "Could an omnipotent being create a stone that it could not lift?" It is possible to analyze this question in the following manner:
The being can either create a stone which it cannot lift, or it cannot create a stone which it cannot lift.
If the being can create a stone which it cannot lift, then it is not omnipotent.
If the being cannot create a stone which it cannot lift, then it is not omnipotent.
This mirrors the solution to another classic paradox, the irresistible force paradox: What happens when an irresistible force meets an immovable object? A response to this paradox is that if a force is irresistible, then by definition there is no truly immovable object; conversely, if an immovable object were to exist, then no force could be defined as being truly irresistible. This treatment of the paradox remains true to the basic assertions, but does not address the issue of the definition of omnipotence. Furthermore, the omnipotence paradox is related to another similar philosophical question, the grandfather paradox. The vernacular definition of omnipotence often seems to include the ability to travel across time; one could then ask the question, "Can an omnipotent being go back in time and kill his own grandfather?" This is not, however, a logically satisfactory analysis of the paradox, as it tends to focus on the imposition of human attributes onto a being that is not necessarily of human form (Wierenga).
One can also attempt to resolve the paradox by postulating that omnipotence does not necessarily demand that a being must be able to do all things at all times. Thus, one reasons,
The being can create a stone which it cannot at that moment lift.
However, being omnipotent, the being can always later reduce the weight of the stone to a weight where it can lift it. Therefore the being is still legitimately omnipotent.
This is essentially the same view espoused by Matthew Harrison Brady, a character in Inherit the Wind loosely based upon William Jennings Bryan
DO NOT TRUST IT.
Holy shit, you suck.
If you want this on Linux, you can do it with the device mapper system. Just run dmsetup on a loopback device (setup with losetup), and mount it like a normal block device.
The kernel supports all kinds of block encryption including AES with different key sizes.
What it lacks is an easy-to-use interface to setup and maintain.