As an interim solution, CFS [5] is included in the OpenBSD ports system and can be readily used. However, it does not provide the level of transparency we would like, and its performance is well below what we consider acceptable for general use. Clearly, more work is needed in this area.
Another issue related to secure storage is that of secure logging. Logs (and especially security-related logs) are extremely important in determining whether a system is under attack or has been compromised. The current logging facility, syslog, does not provide any facilities for detecting log-tampering, other than the option to send log messages to another host's syslogd. We are currently porting the ssyslog package [37] and are hoping to seamlessly replace the currently-used syslogd.
The remainder of this section briefly covers our bcrypt, approach to protecting user passwords, developed inside OpenBSD.