This is a crappy howto. *Encryption* there is as much as creating an insecure (without -K) single storage volume...
We are talking about full disk encryption here, like mounting an encrypted root partition :)

Problems:
* vnconfig -K makes use of file images. Would be much simpler if it could use raw disks.
* kernel can't pick up and ask for the passphrase for an encrypted root file system partition.
* salt + passphrase are used directly to encrypt data, so no easy change of passphrase without reformatting the image... don't know if that's a big problem....
* no possibilities to change algorithms/ciphers. Guess this isn't a big problem either, since blowfish is kinda strong :)

Perhaps if making vnconfig to work with raw devices and putting in kernel crypto stuff which could ask for the root-fs passphrase, then we could have full disk encryption, except for kernel rc and MBR which should reside on an unencrypted bootable medium like CD, USB, HDD...

That's how I understand it....

On 7/16/07, Adriaan <[EMAIL PROTECTED]> wrote:
On 7/15/07, Richard Storm <[EMAIL PROTECTED]> wrote:
> I am very interested in full disk encryption too.
> I guess it comes slowly, since there now is mount_vnd in -current,
> maybe could make use of it.
> If you find out something, let me know :)
> http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto

=Adriaan=

