Re: RFC: backporting GEOM to the 4.x branch

[Bill Hacker <wbh@xxxxxxxxxxxxx>]

Ed wrote:

> On Thursday 03 March 2005 00:05, Matthew Dillon wrote:
>
> >   Personally speaking I have no problem making ultra encryption available
> >   to the general public, but I do believe (personally speaking) that the
> >   *default* should be something slightly less secure just so criminals
> >   and terrorists (at least the stupid ones, which is most or they wouldn't
> >   be criminals or terrorists), don't get an automatic boost from our work.
>
>
>
> "Terrorists use Linux."

That sort, as with anyone else with information to protect, do not rely 
on any 'on box' system.

- If it is 'on box' the keys, passphrases - whatever - can be sniffed / 
recorded when used.

- If encryption is not 'reversible' by the owner of the information, it 
is useless.

- The most complex and 'unbreakable' of algorithms becomes pure overhead 
when
IS-spoofing, purloining, intercepting, or 'rubber-hose' obtaining of the 
keys is / easier / faster / cheaper.

Optional userland, user-unique 'per-file' encryption is useful, not 
impregnable, but can
be at least as secure, perhaps more so, and requires nothing special of 
the fs or os.

CD/DVD-R have made 'One Time Pad' generation, exchange, storage, and use 
dead easy,
 and OTP - properly used -  still ranks very high in resistance to 
cracking.

File systems should be robust, reliable, recoverable from common faults, 
and fast.
In that order.

Anything complex embedded into the fs is a waste if a 'root' privilege 
exists.

Were it otherwise, encrypted fs would have become the rule, not the 
exception, long since.

Leave these things up to userland tools.

They wouldn't - and shouldn't - trust a 'system feature' anyway - not 
even on their own single-user box.


Bill