On Wed, Jun 19, 2013 at 9:20 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
On Thu, 2013-04-18 at 15:16 -0500, Adam Vande More wrote: > On this page http://www.postgresql.org/docs/9.2/static/encryption-options.html, > "gbde" is listed as the method for encrypting block devices. While > correct, "geli" is a much more appropriate mention as it's a more > powerful(e.g. aes-ni support) and secure(more ciphers, data > authentication,etc) solution.
Could you provide an updated wording? (E.g., should we just replace gbde by geli, or list both?)
Sure, here is a change that encompasses more than my original observation. Take or leave or modify what you wish.
pseudo diff
-"On Linux, encryption can be layered on top of a file system using a "loopback device". This allows an entire file system partition to be encrypted on disk, and decrypted by the operating system. On FreeBSD, the equivalent facility is called GEOM Based Disk Encryption (gbde), and many other operating systems support this functionality, including Windows."
+"There are at least two methods of encrypting a file system. The first is to use a tool which implements an encrypted file system. On Linux, eCryptfs or EncFS are commonly used for this while FreeBSD uses PEFS. The other and perhaps more common method is to encrypt the block device a file system or swap partition resides on. These types of solutions can also provide full disk encryption. Linux generally uses dm-crypt + LUKS for this functionality with other options dependent on kernel version/distro. On FreeBSD, there are two GEOM modules to encrypt block devices: geli & gbde with geli being the preferred solution for speed, security, and options. Many other operating system have their own method of block device or full disk encryption."