On Mon, Nov 2, 2009 at 5:28 PM, Jonathan Thornburg <[email protected]> wrote: > In message <http://marc.info/?l=openbsd-misc&m=125695406905777&w=1> > Ted Unangst wrote (commenting on using svnd for encrypting /home on > an OpenBSD laptop) >> 2. People should be advised to use softraid crypto now. > > I'd like to ask a more general question: what are the tradeoffs between > svnd and softraid for this sort of application (encrypting /home or > some other piece(s) of a laptop's disk)?
First, svnd support is not going anywhere or changing. So if you use it, there's no need to migrate unless you want to. softraid offers a few advantages. 1. Better crypto. The crypto algorithm currently used by softraid is designed a little better. It could, in theory, also use hardware, except the choice of algorithm actually prevents that. doh. At the very least, if you decided you needed hardware acceleration, a small change to the code would enable it, whereas with svnd it's a pretty major change. 2. Efficiency. The filesystem in a filesystem incurs more overhead. There's also the fact that svnd goes through the crazy parts of the buffer layer more than you probably want to. Not a big deal, you probably don't notice it much. 3. Administration. softraid is still under development, and the tools and support for it will continue to improve. In particular, without making promises, softraid autodiscovery is a possibility and will likely work better than anything you cook up with vnconfig. The only advantage I can think of for svnd is that it's stabler code and won't be changing in the future, but that's exactly what makes softraid better. Today, they are about equal, but softraid support is going to get better, svnd will not.
