Date: Tue, 7 Sep 2004 14:15:09 -0700
From: steve@Watt.COM (Steve Watt)
To: ctodd@chrismiller.com
Cc: hackers@freebsd.org
Subject: Re: Booting encrypted
Message-ID: <200409072115.i87LF9HS053419@wattres.Watt.COM>
In-Reply-To: ctodd@chrismiller.com "Re: Booting encrypted" (Sep 7, 13:54)

On Sep 7, 13:54, ctodd@chrismiller.com wrote:
} Subject: Re: Booting encrypted
}
} > Having the password compiled in to something that's necessarily clear-text
} > on the same media?
}
} If the authorization mechanism is limited to plain text, then yes. I know
} that "strings" can be used to attempt to find the passphrase in the load,
} but there may be ways to prevent the passphrase from being retrieved in
} this manner.

It can be a 256-bit AES key for all I care -- it simply must be the key
necessary to decrypt the remaining contents of the filesystem available in
a way that it can be fed to the crypto algorithm and get plain-text of the
filesystem out. And the key must be in plain-text, because you don't
have any keys available to decrypt the key...

} > You're not adding anything resembling a challenge for someone who's really
} > interested in reverse-engineering your system. Any user (I won't call such
} > a person *acker) incapable of getting around such a thing probably won't
} > be trying to reverse-engineer it anyhow.
}
} Well the point is to have a system where the entire filesystem (except the
} loader of course) is encrypted. Runtime access to the system via the shell
} would be removed or locked down.
}
} I wasn't able to find any info about booting encrypted filesystems, but I
} can't believe I'm the only one that has raised the question.

Because it doesn't contribute any security to the system to have the
bootable partition encrypted, or else you wind up requiring a password
to boot (not necessarily a bad thing, but probably not appropriate for
your application).

-- 
Steve Watt KD6GGD PP-ASEL-IA ICBM: 121W 56' 57.8" / 37N 20' 14.9"
Internet: steve @ Watt.COM Whois: SW32
Free time? There's no such thing. It just comes in varying prices...
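
The message above argues that a key compiled into a clear-text loader is still present on the media in a usable form. The following is an added example, not part of the original message or of any FreeBSD code: a build-side release audit, run by someone who already holds the key, that reports where the key sits in a loader image even when it is lightly disguised. The key, the loader bytes and all function names are constructed for illustration.

```python
import base64
import hashlib


def key_encodings(key: bytes):
    """Yield (label, bytes) for simple ways a build might store the key."""
    for k in range(256):
        label = "raw" if k == 0 else f"xor 0x{k:02x}"
        yield label, bytes(b ^ k for b in key)
    yield "reversed", key[::-1]
    yield "hex", key.hex().encode()
    yield "base64", base64.b64encode(key)


def find_embedded_key(image: bytes, key: bytes):
    """Return sorted (offset, label) for every place the key sits in image."""
    hits = []
    for label, needle in key_encodings(key):
        start = image.find(needle)
        while start != -1:
            hits.append((start, label))
            start = image.find(needle, start + 1)
    return sorted(hits)


# Constructed sample data: a 256-bit key and a fake clear-text loader image.
KEY = hashlib.sha256(b"constructed example key").digest()
HEADER = b"\x7fELF" + b"\x00" * 60                 # 64 bytes of header
MASKED = bytes(b ^ 0x5A for b in KEY)              # key hidden from "strings"
LOADER = (HEADER + b"mount root: " + MASKED        # masked copy at offset 76
          + b"\x00" * 32 + KEY.hex().encode()      # hex copy at offset 140
          + b"\x00" * 16)


def audit():
    """Audit the constructed loader for copies of the constructed key."""
    return find_embedded_key(LOADER, KEY)


if __name__ == "__main__":
    for offset, label in audit():
        print(f"key material at offset {offset} ({label})")
```

A non-empty result from such a check means the image carries everything needed to decrypt the filesystem it boots.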