Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] NAS: encryption

"Edward Ned Harvey (blu)" <blu at> writes:

>> From: Discuss [ at] On
>> Behalf Of Tom Metro
>> I imagine it would be challenging to pull off encryption well with
>> appliance hardware. The first problem is getting the software to do it.
>> (Plus all the automation you've previously discussed to set up the keys
>> on boot.) The second challenge is having the horsepower to perform the
>> encryption. Not impossible if they chose their embedded CPU well, but
>> unlikely to be optimized for that.
> You seem to think there's an obstacle which isn't really real -
> Encryption is very cheap computationally, so cheap indeed it can be
> done by the disks themselves. Yes, it's absolutely possible for
> appliances to utilize disk encryption, either by using its own CPU, or
> by offloading to the disks. I cannot speak to the specifics of any
> particular appliance actually doing it though, as I don't use any of
> them.

I don't trust my disks to do the encryption, mostly because there's
really no way to verify that it's doing it correctly, and the key
management gets a lot harder.  I'd rather use dm-crypt (or the
equivalent).  In either case you still need to figure out how your keys
are going to get provided when the system boots.

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /