Date:      Sun, 22 Jun 2008 20:14:27 +0100
From:      michupitka <temp0607@mail.securge.net>
To:        freebsd-security@freebsd.org
Subject:   disk label and geli encrypted slice
Message-ID:  <485EA493.1050601@mail.securge.net>

Hello,

I'm using geli on a laptop PC with only one HDD. The disk is divided into two
slices, ad0s1 and ad0s2. The second slice (ad0s2) is encrypted with GEOM ELI
using two-factor authentication - passphrase plus keyfile on a USB drive.
FreeBSD is installed on ad0s2.eli and the first slice is not used by this
system so let's say that I've got full disk encryption.

Now my question - is it safe to keep a backup of the encrypted disk's label
(dump of bsdlabel /dev/ad0s2.eli) on the same USB drive with the keyfile?
Information about the partitions itself is not important for me, I don't
feel like I have to keep it secret, but is it any advantage to an attacker
if she gets her hands not only on the keyfile but also on the unencrypted BSD
label and then gains access to the still encrypted media?

I'm deliberately omitting the fact that in this scenario the attacker has
access to the unencrypted kernel or /boot directory on the USB drive so he could
trojan it or do other nasty things to obtain my passphrase later.

Michal
-- 
"I do not fear computers. I fear the lack of them." -Isaac Asimov


