Date: Tue, 8 Sep 2015 13:52:24 -0600 From: Richard Hodges <richard@hodges.org> To: freebsd-hackers@freebsd.org, "Li, Xiao" <xaol@amazon.com> Cc: Igor Mozolevsky <igor@hybrid-lab.co.uk>, Analysiser <analysiser@gmail.com> Subject: Re: Passphraseless Disk Encryption Options? Message-ID: <201509081352.25700.richard@hodges.org> In-Reply-To: <D2147761.1A53%xaol@amazon.com> References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> <CADWvR2iVubsBQjnvQ8mDGGS7ujsR8wPQ2RAxn=kvFkmVGQkXiQ@mail.gmail.com> <D2147761.1A53%xaol@amazon.com>
index | next in thread | previous in thread | raw e-mail
On Tuesday 08 September 2015,"Li, Xiao via freebsd-hackers" <freebsd-hackers@freebsd.org> wrote: > Agreed, thatıs why Iım stuck in here: it seems like something either > unachievable or havenıt been done before. The decryption key has to come from somewhere. Usually someone types it in, but they key could be on removable media, like a USB memory stick, a CD ROM, floppy, etc. I think you hinted at secure boot. Do you trust the security of the motherboard? But if someone steals your hard drives, can't they also steal your other hardware? It might be interesting to think about an external key, such as in a USB stick, that could be set to self-destruct (eg, overvoltage) coupled with a tamper sensor. If you could describe your threat model in more detail, and tell exactly what parts are trusted, someone might have a helpful idea. -Richardhelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201509081352.25700.richard>