Date:      Mon, 16 Apr 2012 19:26:41 -0400
From:      Robert Simmons <rsimmons0@gmail.com>
To:        freebsd-geom@freebsd.org
Subject:   Re: Automatic Geli?
Message-ID:  <CA%2BQLa9DtSvStGiZk%2BtfD50ddshvuzjEv7pPTPXcjwPes1BCuYA@mail.gmail.com>
In-Reply-To: <103630107.20120416150821@serebryakov.spb.ru>
References:  <COL115-W4014B9D06091DFE170C09BA5370@phx.gbl> <20120411093458.GC1319@garage.freebsd.pl> <4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com> <CA%2BQLa9AVHELB%2B=BPZ611cu3v4vWxpKoFMe91Sdnk=0RtSB%2BMFw@mail.gmail.com> <103630107.20120416150821@serebryakov.spb.ru>

On Mon, Apr 16, 2012 at 7:08 AM, Lev Serebryakov <lev@freebsd.org> wrote:
> Hello, Robert.
> You wrote on 12 April 2012, 20:24:25:
>
>> It will stop those who can figure out how????  It's a file in the
>> unencrypted portion of the image.  "extracting" would entail "geli
>> attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0"
>
>> There is no effort involved.  And they are not "bypassing the
>> encryption" or "making offline access non-trivial".  They are "doing
>> it wrong".
>
>> I'm not sure that anything you said makes sense.
> It makes perfect sense. If you know only Windows and use this "cache"
> CD in small office as some "black box", you cannot call "geli
> attach". You could read CD and even unpack "tar.gz" but nothing more.
> Any non-standard encryption, even with empty passphrase is adequate
> protection in such cases.

Not intelligent.  If it is meant as a cache in this case, and geli
lets you set up a provider with a one-time key for precisely this exact
purpose, then using the software incorrectly is stupid.

And, no, it's not adequate protection to use a blank passphrase.  That
too is stupid.  You're making a bad argument.


