Menu
▾
▴
Re: [vncrypt-users] Can I encrypt virtdisk with password instead of keyfile?
|
From: Jean M. <jm...@pl...> - 2003-09-03 22:54:32
|
On Wed, 3 Sep 2003 21:56:38 +0300, Tommi L=E4tti wrote > On Wed, Sep 03, 2003 at 07:35:53PM +0100, Jean Martin wrote: > > > The other questions: > > > 1,How big file vncrypt can support?10G=A1=A220G=A3=BF or more? > >=20 > > i experienced up to 80Go, my guess is that it can even work with bigg= er=20 disks > > bad luck it's slow to read/write data encrypted, but one can't have=20 > > performance and security at the same time >=20 > done 240 gigs. Took 6 hours to make the dummy file. 'only' 6 hours for 240Go, which crypto was used ? i recall i had roughly around this time for my 80Go, using cbc-blowfish m= ax=20 level availlable, and i'm not sure i was blocked because of the load. to=20 improve speed i would have had to use a lesser encryption level/algo but=20 security was most important. > > > 2=A3=ACCan it work stable under 4.8 and 5.1 or higher? > >=20 > > works fine, afaik, under 4.x, i was unable to compile it for 5.1, so = i had=20 to=20 > > dump files from one box to another when i upgraded my system to 5.1 >=20 > Haven't been able to compile either. Also, the sourceforge site=20 > suggests that it never will. most probably, yep. > I'd give a serious thought to moving to GEOMBDE=20 > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypt= ing. html > Gives loads of performance while incorporating better cryptographic=20 algortihms. i fully agree on this, much more than vncrypt does ever, but the more=20 powerfull your box is the more you can get from it as i have been able to= =20 experience, which is something i couldn't get with vncrypt it seemed to r= each=20 a bottleneck whatever CPU i used (but it may be because of me not doing t= he=20 right things.. unlikely but..) and i got better crypto and functionalitie= s,=20 but this is OT. so, quoting myself, one can't have both security and performance. however to stay close to this ML main theme, and to get back to the origi= nal=20 post, if you want to avoid keyfile considering it to be a single point of= =20 failure or else, GEOM/BDE is a possible alternative, vncrypt won't provid= e=20 this kind of trick because of it's concept but bear in mind that either solution makes you stick to one or the other= =20 architecture as you can't mix vncrypt with 5.1+ or bde with 4.x, at prese= nt at=20 least. thus making each of them complementary regarding to your system. -J. > --=20 > Sty -- No trees were destroyed in the sending of this message, however a significant number of electrons were terribly inconvenienced. |
