Jon Stewart on 19 Nov 2003 01:29:55 -0000


Re: [hosers-talk] script-fu for trash

> Thus spake "Jon Stewart":
> > 
> > It would be really cool to have a crypto layer between the hard disk 
> > driver and the file system, which prompted for a password/key at 
> > boot-time, and encrypted every fucking byte with, say, 256-bit AES.
> That doesn't sound like it would be very hard to hack together, especially
> if you already have an AES implementation and are just grafting it to an
> existing filesystem. It sure would make file I/O suck if you didn't have
> any crypto hardware, though.

AES uses the Rijndael algorithm which is about as efficient as strong
crypto can get; just a handful of elementary operations. SIMD vector
operations could give you some nifty optimizations. With block transfer
devices, you've got your data grouped all together, so you get good cache
performance. Ultimately you're taking on a few more CPU cycles per byte,
which pales in comparison to the number of cycles you have to wait to read in
a fucking byte. I think there would be a hit, but not so great.

Hmm... this is somewhat interesting, frankly. Mebbe I'll hafta' read some 
linux docs. Although it would probably be super-easy on Darwin with the 
IO kit... but then I'd have to figure out how to build Darwin. :-(

Wouldn't you need some interaction with the boot loader? I suppose that, 
first things first, you don't worry about bootstrapping and simply try to 
get a separate /home partition under crypto. Apple's doing very much the 
same thing in Panther with the "File Vault" feature, but I've heard 
murmurings about it using disk images and being, um, lossy. Since they've 
already got a sweet-ass driver model -- which allows for cleanly stacking 
layers of drivers -- it sounds like they didn't put the A team on File 

Jon Stewart                                 Advanced Los Angeles C++
hosers-talk mailing list