Re: [gentoo-user] Recovering root password

[Florian Philipp <lists@f_philipp.fastmail.net>]

[-- Attachment #1: Type: text/plain, Size: 1330 bytes --]


On Tue, 2008-03-25 at 09:32 -0700, Grant wrote:
> >  > > On a notebook, there isn't an OS in existence that is immune to a
> >  > > LiveCD.
> >  >
> >  > Linux is. In the sense that you can't get at the data if the disc is
> >  > encrypted, even not with a LiveCD. You can only destroy/overwrite it.
> >
> >  Yes, I realised that when typing the original, but left it as is - too
> >  many IF conditionals would be needed to be accurate and English is
> >  almost useless at getting IFs to parse correctly :-)
> >
> >  Passwords come from a time when users had terminals that log onto
> >  machines that are somewhere else and the user can't lay a finger on
> >  them. Things have indeed changed since 1978
> 
> Would the type of filesystem encryption you guys are talking about be
> unsuitable for a high-traffic server because of performance
> considerations?
> 
> - Grant

I did some benchmarks recently, posted them on gentoo-security. Long
story short: Even my 64bit single-core Celeron can do 256bit AES, 320bit
Anubis  or 256bit Twofish faster than writing data to the disk (37MB/s).
Blowfish, CAST and Serpent are too slow.

128bit AES (which I deem good enough for the near future) causes around
40% CPU-utilization.

Whether it is suitable for your server depends on its usage patterns. 

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]