Joel Uckelman on 19 Nov 2003 02:38:23 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [hosers-talk] script-fu for trash

Thus spake "Jon Stewart":
> > Thus spake "Jon Stewart":
> > > 
> > > It would be really cool to have a crypto layer between the hard disk 
> > > driver and the file system, which prompted for a password/key at 
> > > boot-time, and encrypted every fucking byte with, say, 256-bit AES.
> > 
> > That doesn't sound like it would be very hard to hack together, especially
> > if you already have an AES implementaion and are just grafting it to an
> > existing filesystem. It sure would make file I/O suck if you didn't have
> > any crypto hardware, though.
> AES uses the Rijndael algorithm which is about as efficient as strong
> crypto can get; just a handful of elementary operations. SIMD vector
> operations could give you some nifty optimizations. With block transfer
> devices, you've got your data grouped all together, so you get good cache
> performance. Ultimately you're taking on a a few more CPU cycles per byte,
> which pales in comparison to number of cycles you have to wait to read in
> a fucking byte. I think there would be a hit, but not so great.
> Hmm... this is somewhat interesting, frankly. Mebbe I'll hafta' read some 
> linux docs. Although it would probably be super-easy on Darwin with the 
> IO kit... but then I'd have to figure out how to build Darwin. :-(
> Wouldn't you need some interaction with the boot loader? I suppose that, 
> first things first, you don't worry about bootstrapping and simply try to 
> get a separate /home partition under crypto. Apple's doing very much the 
> same thing in Panther with the "File Vault" feature, but I've heard 
> murmurings about it using disk images and being, um, lossy. Since they've 
> already got a sweet-ass driver model -- which allows for cleanly stacking 
> layers of drivers -- it sounds like they didn't put the A team on File 
> Vault.

There already is at least one encrypted file system that Linux can handle,
thought I don't remember the name of it right now.
hosers-talk mailing list