On 1/3/06, knitti <[EMAIL PROTECTED]> wrote:
> cgd gives users some choice over how to build their encrypted partition.
> you're able to use different ciphers.
> in the unlikely case of a cipher getting broken, you have the possibility to
> switch instantly, using a tool you know with stable code and the same way
> you configured it.

this is really not that useful. why would you pick anything other than "the best" when setting it up? and after it's set up, you can't change. the idea that once a cipher is broken you could migrate is nice, but think about it. are you equipping all your servers with double storage so that you can copy and reencrypt everything? i doubt anyone has thought more than 10 seconds about what the migration procedure would really be. anyway, it's not that hard to switch ciphers in svnd. how critical is your timeframe? can you wait 24 hours to upgrade? do you have a beeper set to wake you up every time somebody posts to sci.crypt?

> you're able to use passphrases or keyfiles (with some tricks one could also
> do this in OpenBSD, but it'd be a hack and far easier to screw up)

this is a change that's fairly easy to bring about.

> you're able to change your passphrase without reencrypting your container.

not really, or at least not any more so than with svnd.

