From owner-freebsd-geom@FreeBSD.ORG Mon Apr 16 23:26:42 2012
From: Robert Simmons
To: freebsd-geom@freebsd.org
Date: Mon, 16 Apr 2012 19:26:41 -0400
Subject: Re: Automatic Geli?
In-Reply-To: <103630107.20120416150821@serebryakov.spb.ru>
References: <20120411093458.GC1319@garage.freebsd.pl> <4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com> <103630107.20120416150821@serebryakov.spb.ru>
On Mon, Apr 16, 2012 at 7:08 AM, Lev Serebryakov wrote:
> Hello, Robert.
> You wrote on 12 April 2012, 20:24:25:
>
>> It will stop those who can figure out how???? It's a file in the
>> unencrypted portion of the image. "extracting" would entail "geli
>> attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0"
>
>> There is no effort involved. And they are not "bypassing the
>> encryption" or "making offline access non-trivial". They are "doing
>> it wrong".
>
>> I'm not sure that anything you said makes sense.
> It makes perfect sense. If you know only Windows and use this "cache"
> CD in a small office as some "black box", you cannot call "geli
> attach". You could read the CD and even unpack the "tar.gz" but nothing more.
> Any non-standard encryption, even with an empty passphrase, is adequate
> protection in such cases.

Not intelligent. If it is meant as a cache in this case, and geli lets
you set up a provider with a one-time key for precisely this exact
purpose, then using the software incorrectly is stupid.

And, no, it's not adequate protection to use a blank passphrase. That
too is stupid. You're making a bad argument.
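The following script is an added illustration of the two approaches argued over in this thread; it is not code from either poster or from the FreeBSD project. It assumes a FreeBSD host with geli(8), root privileges and a scratch device such as md0 (all assumptions), and it uses only documented geli subcommands: `geli onetime` creates a provider whose random key lives only in kernel memory and is never written anywhere, which is the "one-time key" Robert refers to for a cache; by contrast, the `foo.pass`/`foo.key` files from the quoted message are exactly what the second function hunts for in plaintext next to an image. Set `DRY_RUN=1` to print the geli commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD.
# Assumptions: FreeBSD with geli(8), root, a scratch device such as md0.
# DRY_RUN=1 prints the privileged commands instead of running them.
#
# Usage:
#   DRY_RUN=1 sh this.sh            (see what would run)
#   cache_geli_onetime md0 /cache   (as root on FreeBSD)
#   find_stored_secrets /mnt/cdrom  (audit an unencrypted image directory)

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

# cache_geli_onetime DEV MOUNTPOINT
# Attach DEV with a key generated at attach time that is never stored.
# -d detaches the provider when its last consumer closes it, so unmounting
# the cache discards the key and the media cannot be unlocked afterwards.
cache_geli_onetime() {
    dev="$1"
    mnt="$2"
    run geli onetime -d -e AES-XTS -l 256 "/dev/$dev" &&
    run newfs -U "/dev/$dev.eli" &&
    run mkdir -p "$mnt" &&
    run mount "/dev/$dev.eli" "$mnt"
}

# find_stored_secrets DIR
# Heuristic audit for the situation quoted above: a passphrase or key file
# left in plaintext beside the encrypted image, which makes
# "geli attach -j DIR/foo.pass -k DIR/foo.key" a one-liner for anyone with
# the media. Name patterns are assumptions; extend for local conventions.
# Returns 1 if any such file is found, 0 otherwise.
find_stored_secrets() {
    found=0
    for f in "$1"/*.pass "$1"/*.key "$1"/*.passphrase "$1"/*.keyfile; do
        [ -f "$f" ] || continue
        printf 'stored secret next to image: %s\n' "$f"
        found=1
    done
    return $found
}
```

The point of the audit is that a keyfile or passphrase file is only as secret as the medium it sits on; the one-time provider removes the question entirely because no key material exists to be found once the provider is detached.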