From owner-freebsd-security Wed Oct 10 5:33:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id 43D7337B403 for ; Wed, 10 Oct 2001 05:33:23 -0700 (PDT) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.11.6/8.11.6) with ESMTP id f9ACWmV19152; Wed, 10 Oct 2001 14:32:52 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Adam Laurie Cc: xskoba1@kremilek.gyrec.cz, security@FreeBSD.ORG, Ben Laurie Subject: Re: "Rubbish" idea on security In-Reply-To: Your message of "Wed, 10 Oct 2001 13:24:31 BST." <3BC43DFF.C356A86A@algroup.co.uk> Date: Wed, 10 Oct 2001 14:32:48 +0200 Message-ID: <19150.1002717168@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <3BC43DFF.C356A86A@algroup.co.uk>, Adam Laurie writes: >this would be quite easy with cfs >(http://www.freebsddiary.org/encrypted-fs.php) - you'd need an >unencrypted boot that got you up far enough to run (say) sshd, then log >in and unlock the main filesystem and finish the boot. however, if the >thief knows that it's protected in this way, all they need to do is >maintain the power until they can copy the files. it would of course >provide good protection against opportunist or ram-raid style theft >though. If you want to physically protect information, then study the PAL/SL/WL system on atomic warheads: http://www.google.com/search?q=permissive+action+link http://www.google.com/search?hl=en&q=warhead+weak+strong+link -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message