From nobody Sun Jan 9 15:20:59 2022 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 385781942399 for ; Sun, 9 Jan 2022 15:21:08 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70]) by mx1.freebsd.org (Postfix) with ESMTP id 4JX0z73LTXz4RNj for ; Sun, 9 Jan 2022 15:21:07 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from [IPV6:2607:fb90:a23a:4c50:3c4b:f70c:6462:ee12] (unknown [172.58.137.110]) (Authenticated sender: galtsev) by kicp.uchicago.edu (Postfix) with ESMTPSA id C47304E48B for ; Sun, 9 Jan 2022 09:21:00 -0600 (CST) Message-ID: Date: Sun, 9 Jan 2022 10:20:59 -0500 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.4.1 Subject: Re: entering geli passphrase only once at FreeBSD boot Content-Language: en-US To: questions@freebsd.org References: <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org> <20220109145048.141b35831e07ad9fa8a73c66@sohara.org> From: Valeri Galtsev In-Reply-To: <20220109145048.141b35831e07ad9fa8a73c66@sohara.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4JX0z73LTXz4RNj X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu (policy=none); spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu X-Spamd-Result: default: False [-2.90 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[172.58.137.110:received]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_NA(0.00)[no SPF record]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US]; RCVD_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROM(0.00)[]; DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none] X-ThisMailContainsUnwantedMimeParts: N On 1/9/22 9:50 AM, Steve O'Hara-Smith wrote: > On Sun, 9 Jan 2022 16:07:12 +0300 > Yes that can be done easily enough. You could also use an RFID > reader and prepare a writable chip. There are lots of ways of hiding > secrets. > If RFID chip is involved, part of "hiding" [secret] is to keep card with RFID chip inside shielding sleeve. Or the guy with RF scanner standing next to will easily read it. Valeri PS My wallet has RF shielding foil inserts ;-) -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++