Date: Mon, 16 Apr 2012 19:26:41 -0400 From: Robert Simmons <rsimmons0@gmail.com> To: freebsd-geom@freebsd.org Subject: Re: Automatic Geli? Message-ID: <CA%2BQLa9DtSvStGiZk%2BtfD50ddshvuzjEv7pPTPXcjwPes1BCuYA@mail.gmail.com> In-Reply-To: <103630107.20120416150821@serebryakov.spb.ru> References: <COL115-W4014B9D06091DFE170C09BA5370@phx.gbl> <20120411093458.GC1319@garage.freebsd.pl> <4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com> <CA%2BQLa9AVHELB%2B=BPZ611cu3v4vWxpKoFMe91Sdnk=0RtSB%2BMFw@mail.gmail.com> <103630107.20120416150821@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 16, 2012 at 7:08 AM, Lev Serebryakov <lev@freebsd.org> wrote: > Hello, Robert. > You wrote 12 апреля 2012 г., 20:24:25: > >> It will stop those who can figure out how???? It's a file in the >> unencrypted portion of the image. "extracting" would entail "geli >> attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0" > >> There is no effort involved. And they are not "bypassing the >> encryption" or "making offline access non-trivial". They are "doing >> it wrong". > >> I'm not sure that anything you said makes sense. > It makes perfect sense. If you know only Windows and use this "cache" > CD in small office as some "black box", you cannot call "geli > attach". You could read CD and even unpack "tar.gz" but nothing more. > Any non-standard encryption, even with empty passphrase is adequate > protection in such cases. Not intelligent. If it is meant as a cache in this case, and geli lets you setup a provider with a one time key for precisely this exact purpose, then using the software incorrectly is stupid. And, no, it's not adequate protection to use a blank passphrase. That too is stupid. You're making a bad argument.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9DtSvStGiZk%2BtfD50ddshvuzjEv7pPTPXcjwPes1BCuYA>