Date: Fri, 17 Sep 2004 23:51:08 +0200 (CEST)
From: Svein Halvor Halvorsen <svein-freebsd-questions@theloosingend.net>
To: Jim.Kinsey@nokia.com
Cc: freebsd-questions@FreeBSD.org
Subject: Re: Hard drive encryption
Message-ID: <20040917233831.L76874@mirrorball.thelosingend.net>
In-Reply-To: <59A36C4D2F9E7243BEB522274F72C30390B90A@mvebe001.americas.nokia.com>
References: <59A36C4D2F9E7243BEB522274F72C30390B90A@mvebe001.americas.nokia.com>

[Jim.Kinsey@nokia.com, 2004-09-16]
> I understand that gbde requests a password before the partition can be
> mounted anyway so this simulates the same functionality of PointSEC,
> but since it is part of the OS, it seems that if someone has access to
> the OS, they could still get in. Is that right?

See gbde(4)
http://www.freebsd.org/cgi/man.cgi?query=gbde&sektion=4

     The objective of this facility is to provide a high degree of
     denial of access to the contents of a ``cold'' storage device.

     Be aware that if the computer is compromised while up and running
     and the storage device is actively attached and opened with a valid
     pass-phrase, this facility offers no protection or denial of access
     to the contents of the storage device.

     If, on the other hand, the device is ``cold'', it should present a
     formidable challenge for an attacker to gain access to the contents
     in the absence of a valid pass-phrase.  Four cryptographic barriers
     must be passed to gain access to the data, and only a valid
     pass-phrase will yield this access.

A "cold" device should be understood as a hard drive (or other
geom-device) that is not powered on, or that has not yet been opened by a
valid pass-phrase.

For more info on the four barriers, read the rest of the manual page.

GBDE should not be any less secure just because the OS has builtin
support for it.
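
The cold/attached distinction above can be checked on a host. The script below is an added example, not part of the original message: it lists gbde devices that are currently attached, relying on the fact that `gbde attach` exposes the plaintext as a `<device>.bde` node. The device names and the two sample listings are constructed; `gbde_warm` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original message.
# Reports gbde devices that are currently "warm": attached with a valid
# pass-phrase, so plaintext is readable through the <device>.bde node.

# Constructed sample of `ls /dev` on a FreeBSD host (not real output).
SAMPLE_DEV='ad0s1a
ad0s1f
ad0s1f.bde
ad4s1c
ad4s1c.bde
da0s1d'

# Constructed sample of `mount` output (not real output).
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s1f.bde on /private (ufs, local, soft-updates)'

# gbde_warm DEVLIST MOUNTOUT
# Prints one line per attached gbde device: "<dev> mounted <dir>" or
# "<dev> attached-unmounted". The second state matters: umount alone
# leaves the device open until `gbde detach` is run.
gbde_warm() {
    printf '%s\n' "$1" | while IFS= read -r node; do
        case $node in
            *.bde) ;;            # attached gbde device, keep it
            *) continue ;;       # anything else is not a gbde plaintext node
        esac
        # Find the mount point, if any, for this device in the mount output.
        dir=$(printf '%s\n' "$2" |
            awk -v d="/dev/$node" '$1 == d && $2 == "on" { print $3; exit }')
        if [ -n "$dir" ]; then
            printf '%s mounted %s\n' "$node" "$dir"
        else
            printf '%s attached-unmounted\n' "$node"
        fi
    done
}

gbde_warm "$SAMPLE_DEV" "$SAMPLE_MOUNT"
```

On a live system the same function can be called as `gbde_warm "$(ls /dev)" "$(mount)"`; an empty result means every gbde device on the host is cold.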