From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JeCjT-0002K3-FC for garchives@archives.gentoo.org; Tue, 25 Mar 2008 17:14:43 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E9795E07BE; Tue, 25 Mar 2008 17:14:41 +0000 (UTC) Received: from out3.smtp.messagingengine.com (out3.smtp.messagingengine.com [66.111.4.27]) by pigeon.gentoo.org (Postfix) with ESMTP id C3677E07BE for ; Tue, 25 Mar 2008 17:14:41 +0000 (UTC) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id 97FAFE35A5; Tue, 25 Mar 2008 13:14:41 -0400 (EDT) Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute1.internal (MEProxy); Tue, 25 Mar 2008 13:14:41 -0400 X-Sasl-enc: TD6l3SFh3WGZ7YgwqWbXwVHhO5fm597nw3pjXifqbVYj 1206465280 Received: from [10.161.240.128] (unknown [212.23.103.123]) by mail.messagingengine.com (Postfix) with ESMTPSA id 27E6830653 for ; Tue, 25 Mar 2008 13:14:39 -0400 (EDT) Subject: Re: [gentoo-user] Recovering root password From: Florian Philipp To: gentoo-user@lists.gentoo.org In-Reply-To: <49bf44f10803250932q138a1627mba929844d0218689@mail.gmail.com> References: <49bf44f10803241330r3b447b4bkde7a062c73905b94@mail.gmail.com> <200803251025.17569.alan.mckinnon@gmail.com> <200803250932.45190.dirk.heinrichs.ext@nsn.com> <200803251728.18275.alan.mckinnon@gmail.com> <49bf44f10803250932q138a1627mba929844d0218689@mail.gmail.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-sZmpjs6Y64nUU54H9qZg" Date: Tue, 25 Mar 2008 18:14:19 +0100 Message-Id: <1206465259.30987.62.camel@NOTE_GENTOO64.PHHEIMNETZ> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.12.3 X-Archives-Salt: 900415e5-5d12-42f2-9310-8b822f542733 X-Archives-Hash: 9843a1dbb86fe2514d62a04c7cf6adac --=-sZmpjs6Y64nUU54H9qZg Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2008-03-25 at 09:32 -0700, Grant wrote: > > > > On a notebook, there isn't an OS in existence that is immune to a > > > > LiveCD. > > > > > > Linux is. In the sense that you can't get at the data if the disc is > > > encrypted, even not with a LiveCD. You can only destroy/overwrite it= . > > > > Yes, I realised that when typing the original, but left it as is - too > > many IF conditionals would be needed to be accurate and English is > > almost useless at getting IFs to parse correctly :-) > > > > Passwords come from a time when users had terminals that log onto > > machines that are somewhere else and the user can't lay a finger on > > them. Things have indeed changed since 1978 >=20 > Would the type of filesystem encryption you guys are talking about be > unsuitable for a high-traffic server because of performance > considerations? >=20 > - Grant I did some benchmarks recently, posted them on gentoo-security. Long story short: Even my 64bit single-core Celeron can do 256bit AES, 320bit Anubis or 256bit Twofish faster than writing data to the disk (37MB/s). Blowfish, CAST and Serpent are too slow. 128bit AES (which I deem good enough for the near future) causes around 40% CPU-utilization. Whether it is suitable for your server depends on its usage patterns.=20 --=-sZmpjs6Y64nUU54H9qZg Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQBH6TLrqs4uOUlOuU8RAlIZAJ9ih1LpanYQd0AAd9awRyVjSbXp4ACcDn10 7zudUv6fibLn5RcJIvgpDMM= =kDuk -----END PGP SIGNATURE----- --=-sZmpjs6Y64nUU54H9qZg-- -- gentoo-user@lists.gentoo.org mailing list