From owner-freebsd-hackers@FreeBSD.ORG Thu May 15 02:17:28 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9973637B401 for ; Thu, 15 May 2003 02:17:28 -0700 (PDT) Received: from heron.mail.pas.earthlink.net (heron.mail.pas.earthlink.net [207.217.120.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0456843F75 for ; Thu, 15 May 2003 02:17:28 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from user-38lc0g1.dialup.mindspring.com ([209.86.2.1] helo=mindspring.com) by heron.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 19GErT-0007Qm-00; Thu, 15 May 2003 02:17:16 -0700 Message-ID: <3EC35ACB.BFA5DE86@mindspring.com> Date: Thu, 15 May 2003 02:15:55 -0700 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Narvi References: <20030514214341.T40030-100000@haldjas.folklore.ee> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a4426002ec570eb06b3c06dfb2e37bfea9a2d4e88014a4647c350badd9bab72f9c350badd9bab72f9c cc: hackers@freebsd.org cc: Stalker Subject: Re: Crypted Disk Question X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 May 2003 09:17:28 -0000 Narvi wrote: > > The question boils down to "How does this automatic process know > > it's you, and not someone else, turning on the computer?". > > Well, this is not entirely fair - a removed from server hard disk would in > the scenario still remain locked and data inacessible. Similarily, for the > removal of the server, say using an iButton or USB drive or similar that > is needed to unlock the data but would be kept separately. Anything that doesn't require a human to intervene can be subverted. If there are people with sufficient physical access to the disk that it needs to have its contents encrypted in the first place, then they have sufficient physical access to put a breakout between the computer and any serial or USB or other dongle you can name. > You could say have an expect script watching the serial console output and > enter the key. And if you had sufficient physical access to the drive to be able to read its raw data, then you have sufficient access to capture the key entry by the other box by inserting a tap and rebooting the box that needs the key on reboot. > Another way would be having the server establishing a ssh > session to a machine to get the key. If the ssh is automatic, either because of symmetric key distribution, or because your passpharase is blank... then, again, it's easy to intercept the exchange. If it's safe from this, then it requires a human to enter a passphrase, and you are back to the original problem. > it really depends on what kinds of reasons the encryption > is being used for and whats the spectrum of allowable tradeoffs. The only reason for an encrypted drive, since once you are logged in, and have entered the password, the drive is not crypted, is fear about someone else with physical access to the drive. -- Terry