| 1 |
On Tue, 2008-03-25 at 09:32 -0700, Grant wrote: |
| 2 |
> > > > On a notebook, there isn't an OS in existence that is immune to a |
| 3 |
> > > > LiveCD. |
| 4 |
> > > |
| 5 |
> > > Linux is. In the sense that you can't get at the data if the disc is |
| 6 |
> > > encrypted, even not with a LiveCD. You can only destroy/overwrite it. |
| 7 |
> > |
| 8 |
> > Yes, I realised that when typing the original, but left it as is - too |
| 9 |
> > many IF conditionals would be needed to be accurate and English is |
| 10 |
> > almost useless at getting IFs to parse correctly :-) |
| 11 |
> > |
| 12 |
> > Passwords come from a time when users had terminals that log onto |
| 13 |
> > machines that are somewhere else and the user can't lay a finger on |
| 14 |
> > them. Things have indeed changed since 1978 |
| 15 |
> |
| 16 |
> Would the type of filesystem encryption you guys are talking about be |
| 17 |
> unsuitable for a high-traffic server because of performance |
| 18 |
> considerations? |
| 19 |
> |
| 20 |
> - Grant |
| 21 |
|
| 22 |
I did some benchmarks recently, posted them on gentoo-security. Long |
| 23 |
story short: Even my 64bit single-core Celeron can do 256bit AES, 320bit |
| 24 |
Anubis or 256bit Twofish faster than writing data to the disk (37MB/s). |
| 25 |
Blowfish, CAST and Serpent are too slow. |
| 26 |
|
| 27 |
128bit AES (which I deem good enough for the near future) causes around |
| 28 |
40% CPU-utilization. |
| 29 |
|
| 30 |
Whether it is suitable for your server depends on its usage patterns. |
Archives