[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Crypted filesystem
On Thursday, 8. January 2004 12:03, Philippe Vogel wrote:
> The original bootloader (grub) is replaced by the security driver and I had
> to use W2K bootloader instead.
Huh? I'm running a SuSE 8.2 with an encrypted files system myself (standard
SuSE encryption stuff) and I am using grub just like I would without the
encrypted stuff. I also got windows working on that system. It's hardly any
work to set this up.
According to the URL and the OS versions mentionned there I'd say this one is
from 1997 and ABSOLUTELY outdated. Reading this article has more to do with
archeology than anything else.
Here is what you do in SuSE 8.2: Start Yast2, select "System", then choose
"partitioning". When you create/change a partition in the partition manager
simply choose the "encrypt" option. I guess you will figure out the rest.
> I want to crypt a filesystem on another machine (dual PII 350/512MB ram)
> with lvm and don't want to have performanceloss because of /dev/loop. I
> first tested this with cryptofs provided by SuSE but I had a great
> performanceloss as you can see here:
> with cryptofs max. 2MB/s over samba
> w/o cryptofs max. 6-9 MB/s over samba
Have a look at
(note that they give you mega BITs per second, not bytes). For a machine
comparable to yours you would probably get 30Mbit/s or around 3.75MB/s.
Taking into consideration that your system also has other things to do you
won't get much more than your 2MB/s, simply because your CPU is not fast
This is assuming en/decryption will only use one CPU for a given read
request. _Maybe_ if you send Samba 2 read requests in parallel, it will send
the OS two read requests that will be processed by both CPUs, thus doubling
the decryption speed.
Another solution could be to look for other, more detailed benchmarks and
choose a faster algorithm and a shorter keylength. But Yast2 will not let you
do this so easily.
Denn der Menschheit drohen Kriege, gegen welche die vergangenen wie armselige
Versuche sind, und sie werden kommen ohne jeden Zweifel, wenn denen, die sie
in aller Öffentlichkeit vorbereiten, nicht die Hände zerschlagen werden.
Bertolt Brecht, 1952
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here