Slashdot Mirror
NetBSD's Crypto-Graphic Disk
An anonymous reader writes "Security-minded laptop users live in fear of theft, not only of their computer but also of their precious secret data. NetBSD's CGD project is a cryptographic virtual disk that can protect sensitive data while acting like a normal filesystem. Recently its author, Roland Dowdeswell, was interviewed and provided a lot of details, and made a comparison with Linux's Loop-AES, FreeBSD's GBDE, OpenBSD's svnd.
This is a must-read for any laptop owner (and paranoid androids)!"
Why do you think that Marvin's brain was running NetBSD? Otherwise, what use could he make of a laptop, with his "brain the size of a planet" ?
This is interesting and all, but this isn't exactly a ground-breaking news item.
PGP lets you do this on various platforms.
As a matter of fact, this is how I manage personal info on my OS X Macintosh. I create an strong-encrypted virtual disk image with banking, internet login, software key, and (un)related information. When I need something I mount it and when I'm done I umount it and it's nice and safe (as long as I never tell Keychain to remember the password).
You can do this on a vanilla OS X install with Disk Utility.
ffakr
I'm not feeling witty so bite me
See FileVault for the automagic encrypted home directory
or see hdid for the command-line version of disk utility.
What happens if cdgconfig file is lost or damaged?
If you lose the cdgconfig file, is your data irrecoverable?
When it overwrites data, is it truly unreadable?
How taxing is this system, how long does it take to execute?
What happens when you lose your PW?
Are there knowledgable people in the same continent that can provide support for this?
He who knows best knows how little he knows. - Thomas Jefferson
Mac OS X is a *nix OS.
It also features an encrypted file system, FileVault.
If it acts like a normal filesystem, that means that nothing special needs to be done to access it, provided you have an account with rights to use that filesystem (I'm assuming it needn't be root). So what if the person stealing your laptop gets a hold of your password? How does it become any more secure?
In retrospect, most BSD users probably don't keep their passwords on a sticky note inside their laptop like some Windows users I know...
TrueCrypt is disk encryption software for Windows XP/2000/2003 and Linux. Version 4.1 was released last month. It seems to have been designed by people who are VERY serious about encryption. For example, TrueCrypt "provides two levels of plausible deniability".
if you remember to encrypt any partitions that temporary data might possibly reside on... cos it would be awfully silly to protect your home partition and forget /var or /tmp or the swap... why not be completely paranoid and encrypt the the volatile "partition" that gets created in memory
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
It seems this AC has made a convincing argument for using XP as opposed to FreeBSD. Since I don't really know anything about FreeBSD, could some expert please offer a rebuttal of this AC's arguments? I know it seems like feeding the trolls, but I never see any real answer to any of these issues.
From the summary: "Security-minded laptop users live in fear of theft"
Nice blanket generalization there. I'm security minded, use two laptops, and I don't live in fear. I mitigate risks. I use caution, but I don't live out my life in a state of fear, as your cliche ridden statement says.
Karma be damned, but I'm sick of people who use phrases without thinking what they actually mean.
That is exactly why my prefered solution for on-the-fly hard disk encryption is TrueCrypt. Not only is it open source and cross platform (Windows/Linux), but it also happens to simply rock, surpassing many commercial products, with lots of nice features like the use of keyfiles, or for the true paranoid, cascade encryption (like AES-Blowfish-TripleDES) and plausible deniability (hidden volume).
I code, therefore I am.
So the CGD disk is an encrypted pseudo disk driver. It sits on top of another partition and acts as a new virtual disk to the rest of the operating system. But what of those of us that have to use windows, or Mac OS X? This seems like it's only compatible with *nix OSes.
/Applications/Utilities/Disk Utility.app, select File->New->Blank Disk Image... Once created this can be accessed by double clicking it and feeding it the password.
OS.X ships with something called Filevaut, accessable from 'System Preferences'. Filevault migrates your home directory onto an encrypted image using a 128-bit AES key which, AFAIK is pretty secure, at least the NSA sponsored OS.X security guide I read recently recommended using it. This image gets mounted onto your Home directory when you log in and cannot be accessed unless you either know the login password or somehow manage to crack the encryption on the image file. This is useful for mobile professionals and the on the fly encryption works surprisingly well unless you are working with say, Photoshop files that weigh in in the hundreds of megabytes. For day to day stuff this works quite well. Just for example, I keep my iTunes collection on a filevault image and it does not seem to kill performance even with resource hogs like MS Word and Excel running.
If you only want a small secure area rather than encrypting the entire Home directory like you do with Filevault you can also create stand alone *.dmg images with the 'Disk Utility'. These have the same 128-bit AES encryption as Filevault. Fire up
Only to idiots, are orders laws.
-- Henning von Tresckow
Actually, BSD is a unix derivative just like Linux. Both have their separation from Unix and neither is Unix.
In reality, it is probably still safe to call it a *nix, only the BSD zealots would like us to separate it into a "BSD", which is about as anal as separating the Linux distributions into different groups.
BTW, your original post compared it to *nix operating systems and complained about OSX. The Article refers to this about NetBSD, therefore making your statements a bit mixed.
The folks over at Wikipedia seem to agree with us on this one.
"Some days you just can't get rid of a bomb."
Give me a break. If you say something like that, it simply shows that you don't know how to administer Windows very well.
Reading the first few lines of the interview I get the impression it does almost the exactly the same stuff dm-crypt does, which has been in Linux stable for over a year now.
Have a look at http://luks.endorphin.org/
In my opinion, there has been some excellent work been done.
It's interesting to see xxxBSD user/developer comparing "just written" software for BSD with ancient versions of Linux counterparts and (surprisingly) finding xxxBSD version to be better. My point being: dm-crypt.
If you are interested in Linux 2.6 encrypted partition, use dm-crypt together with cryptsetup tool. It's much safer than AES loop and:
OK, I'm tired, go read the links and you'll be much wiser and better informed than after reading TFA ;)
Robert
Bastard Operator From 193.219.28.162
He seems to have a relevant worry about the lack of atomicity when writing to a GBDE encrypted device. However he fails to notice that this happens only because GBDE has addressed a problem which every other disk encryption seems to have ignored. You get certain security advantages from probabilistic encryption. But probabilistic encryption implies the encrypted version must be slightly larger than the clear text.
More than once has the use of deterministic encryptions lead to weaknesses in disk encryptions. And often the workarounds require additional CPU power. And even the most careful deterministic encryption can never be as secure as a probabilistic encryption.
GBDE does have probabilistic encryption. This also means that obviously an update requires more than one physical write. Though this could be done securely, the way it is done in GBDE seems to give a risk of data loss/corruption. Some kind of journaling could have solved the problem. Having journaling both in the encryption and in the file system seems to be overkill (and clearly hurts performance), but integrating the two without compromising security is nontrivial. I'd like to see some more research in this area.
From my description it may sound like from a cryptographic viewpoint GBDE is the best designed disk encryption in existence. Unfortunately it isn't so. It did get some things right, but it seems to be mostly by luck. GBDE uses different pseudo random keys for each sector, however rather than using a standard PRNG, PHK decided to invent his own known as the Cherry Picker. Unfortunately there is a weakness in this generator as the output is not uniformly random.
To the best of my knowledge GBDE is currently the only disk encryption making use of probabilistic encryption, and none of the disk encryptions in existence make a serious effort at guaranteeing integrity (also known as security against an active adversary).
Do you care about the security of your wireless mouse?
Loop-AES is not the current recommended way of doing this on GNU/Linux.
/boot encrypted, check out: http://www.debian-administration.org/articles/179
For the current method, check out device-mapper, dm-crypt and cryptsetup.
For more information, check out: http://www.saout.de/misc/dm-crypt/
And for a guided howto install Debian on a USB stick with everything but
Cross Crypt - Open Source AES and TwoFish Linux compatible on the fly encryption for Windows XP and Windows 2000.
It uses the excellent Filedisk to appear as a volume in Explorer.
It's GPL, sorry to restate that, but I dunno if you read the headline fully or not.
[% slash_sig_val.text %]
the parent is a troll and an idiot, but you seem to be genuinely asking, so i'll take the time to answer.
GUI quality: The troll gives no indication of what or how he's measuring. it's difficult to deny that MS's GUIs are more polished, but there are numerous inconstancies. GUIs available on unix systems, including FreeBSD, tend to be more configurable. i'm inclined to agree that traditional X11-based GUIs are behind that of Windows, but that's a far cry from FreeBSD not having one, as the troll claims. also, OS X is widely agreed to be easier to use than Windows' and is unquestionably more technically advanced (we'll see what Vista brings).
Support: The troll's claims that Microsoft is "the world's most trusted software company" is simply laughable. major failures in security and stability in Microsoft products are legendary; their reputation for quality is thoroughly mediocre. they are, however, quite large and do stand behind their products (such as they are) for defined periods of time, which has a certain level of comfort associated with it. FreeBSD, on the other hand, has much higher initial quality and also has commercial support available from various sources. the open source nature of FreeBSD and the vibrant community existing around it also means particularly obscure problems are more addressable than they are in Windows, where you're left waiting for Microsoft to release a patch. again, there are trade offs to be made, but i think FreeBSD is a clear winner here.
Cost and convenience: It is undeniable that having the system pre-installed is a huge win for convenience. but the troll goes way off-track from there. first, XP is available pre-installed, but for how many architectures, maybe two (x86 and itanium)? FreeBSD is available on about a half dozen (NetBSD, incidentally, is available on dozens); this is particularly important in the sever and appliance realms, which are FreeBSD's primary target spaces. FreeBSD is available pre-installed at least on server equipment (i don't know of anyone who does workstations/laptops). the troll claims that XP is free, which is flatly false: the cost is bundled in the cost of the hardware. the troll is also implicitly defining terms like "every major manufacturer" to be only ones he cares about: get me an XP system from Sun or Apple, for example.
Stability/scalability:Again, the troll gives no measurements. at a minimum, XP has a reputation for being unreliable. in my experience at work, XP is a step down in stability and reliability from 2000, although both of these are still leaps ahead of any Microsoft system predating that (except probably DOS, which was highly stable by virtue of being so tremendously simple). DoS-style attacks which bring down the system remain common against XP and virtually unheard of against FreeBSD. FreeBSD is highly stable. the standard edition of XP also scales to 2 processors; special versions are available to get it up to higher number, but still pretty modest number of processors (i think it was 16, but i don't remember). i'm not sure specifically what SMP problems the troll is talking about (again, no specifics), but i've personally run FreeBSD on dual-processor SMB systems without issue and other BSDs on systems much, much larger than any Microsoft product has any hope of touching. for reference, note that BSD-based systems hold many places in the Top 500 supercomputer list, including several in the top 20; Windows can't hope to touch that level of performance.
Software availability: No, troll, not everyone uses it. but yes, it does have more software. for that reason, when i was Director of IT for our company, we continued to by Windows boxes; our accounting package wasn't available on any other platform. but this very much depends what you need. FreeBSD certainly runs a far cry more than vi. most things that'll run on other open-source systems like Linux,
i speak for myself and those who like what i say.
Seagate has announced a laptop disk that does full disc encryption in hardware, without slowing down disc I/O at all. Seems like that makes software solutions (which are subject to reverse engineering, etc.) decidedly inferior.
... an idea, the fugitive fermentation of an individual brain ... -- T. Jefferson
OpenBSD by default encrypts the swap-partition. Read the paper by Nils Provos.
Wow, I thought you were wrong about it being on by default, so I checked the CVS entries. I knew OpenBSD's swap encryption had very little impact on swapping performance, but it seems that this was switched on by default 9 months ago and I didn't even notice. I guess that shows how little impact it has.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Thanks to the poster above who pointed this out to me...
:) The write operations took a lot of CPU cycles in kjournald (I'm using ext3 so you may get better speeds with other filesystems).
I am using dm-crypt on top of a level 5, 3 disk SATA raid.
The system just used a normal aes.ko module so I decided to try the aes-i586.ko module (the server is a Athlon XP 2400+ with 512 MB RAM).
Here are my results:
Control Read test file (non-crypted)...
1) 0.01user 1.43system 0:17.99elapsed 8%CPU
2) 0.03user 1.43system 0:18.07elapsed 8%CPU
3) 0.03user 1.43system 0:17.94elapsed 8%CPU
AES
===
Write test file....
1) 0.05user 4.99system 0:53.26elapsed 9%CPU
2) 0.05user 4.88system 0:52.85elapsed 9%CPU
3) 0.06user 4.87system 0:50.14elapsed 9%CPU
Read test file....
1) 0.03user 2.00system 0:36.44elapsed 5%CPU
2) 0.03user 1.97system 0:36.99elapsed 5%CPU
3) 0.03user 1.94system 0:35.55elapsed 5%CPU
AES-i586
========
Write test file....
1) 0.06user 4.65system 0:42.12elapsed 11%CPU
2) 0.03user 4.90system 0:40.38elapsed 12%CPU
3) 0.04user 4.77system 0:42.02elapsed 11%CPU
Read test file....
1) 0.03user 1.87system 0:22.22elapsed 8%CPU
2) 0.04user 1.91system 0:21.80elapsed 8%CPU
3) 0.02user 1.90system 0:22.00elapsed 8%CPU
As you can see the results with aes-i586 are significantly better
Does anyone know of any reason not to use aes-i586.ko?? I assume they are exactly equiv?
Anyways, I've added the line:
alias aes aes-i586
to my modprobe.conf.
Cheers for the advice.