On 1/3/06, Ted Unangst <[EMAIL PROTECTED]> wrote: > On 1/2/06, Travers Buda <[EMAIL PROTECTED]> wrote: > > You've made it very clear that CGD won't be imported into OpenBSD, yet > > you've never explained why, or why you ported it in the first place. > > > > Care to let us in on why? I expect your reply will be a short "no" just > > like a few of your replys to this subject. For what it is worth, I'm > > asking. > > Because, like everyone else, you've failed to pass the articulation test. > http://marc.theaimsgroup.com/?l=openbsd-misc&m=112534721521131&w=2 > OK, I'll try, because I'd be interested in using it on OpenBSD. Since I won't be able to do it myself, any or no answer will qualify ;)
cgd gives users some choice over how to build their encrypted partition. you're able to use different ciphers. you're able to use passphrases or keyfiles (with some tricks one could also do this in OpenBSD, but it'd be a hack and far easier to screw up) you're able to change your passphrase without reencrypting your container. in the unlikely case of a cipher getting broken, you have the possibility to switch instantly, using a tool you know with stable code an the same way you configured it. this is the way it appears. if there are any reasons, why cgd shouldn't be used at all I'd be more than interested to hear them. if there are any reasons not to port this to OpenBSD, nobody will die not knowing them. --knitti
