On Tue, 2008-03-25 at 09:32 -0700, Grant wrote:
> > > > On a notebook, there isn't an OS in existence that is immune to a
> > > > LiveCD.
> > >
> > > Linux is. In the sense that you can't get at the data if the disc is
> > > encrypted, even not with a LiveCD. You can only destroy/overwrite it.
> >
> > Yes, I realised that when typing the original, but left it as is - too
> > many IF conditionals would be needed to be accurate and English is
> > almost useless at getting IFs to parse correctly :-)
> >
> > Passwords come from a time when users had terminals that log onto
> > machines that are somewhere else and the user can't lay a finger on
> > them. Things have indeed changed since 1978
>
> Would the type of filesystem encryption you guys are talking about be
> unsuitable for a high-traffic server because of performance
> considerations?
>
> - Grant

I did some benchmarks recently, posted them on gentoo-security. Long
story short: Even my 64bit single-core Celeron can do 256bit AES, 320bit
Anubis or 256bit Twofish faster than writing data to the disk (37MB/s).
Blowfish, CAST and Serpent are too slow.

128bit AES (which I deem good enough for the near future) causes around
40% CPU-utilization.

Whether it is suitable for your server depends on its usage patterns.