Date:      Tue, 13 May 2003 20:14:34 -0700
From:      Wes Peters <wes@softweyr.com>
To:        "Stalker" <stalker@ents.za.net>, <hackers@freebsd.org>
Subject:   Re: Crypted Disk Question
Message-ID:  <200305132014.34788.wes@softweyr.com>
In-Reply-To: <000901c3199a$25d4d8f0$4206000a@stalker>
References:  <000901c3199a$25d4d8f0$4206000a@stalker>

On Tuesday 13 May 2003 14:53, Stalker wrote:
> Hi
>
> I would like to know if anyone has thought of or come up with a
> solution to this problem.
>
> With encrypted disks, when you mount them it requires you to enter a
> password, and I'm wondering if anyone has come up with a way that
> maintains the security, but also automates the process of entering
> the password. I know of scripts and that, but that still leaves the
> password in plain text. I was wondering if anyone has written a
> program to accomplish this, or if someone has thought of a better way
> to get around this problem, and still keep a high level of security
> while doing this.
>
> If someone has an idea of how to do this, I don't mind writing the
> program myself to do it, I'm just trying to find a decent way to do
> this.

It depends on the level of security you want.  You could put the crypto 
keys on a little USB dongle and leave that plugged into the computers; 
in case of "emergency" you can yank the dongle and the power cord and 
run.  That's still not very secure, depending on how close the machines 
are to your pillow.  Any mechanism that can enter the keys 
automagically can be used against you if it is captured "intact 
enough."

A system that can come up into a running state and page you for a new 
key, with some sort of remote re-keying capability, would be a better 
design.  I think RIM Blackberry can do this sort of back-and-forth with 
a bit of development.  The system in question would bring itself up far 
enough to request and receive keys, then mount the encrypted 
filesystems and continue once the keys are received.  That would be a 
fun system to design and make actually work.  ;^)

-- 
         "Where am I, and what am I doing in this handbasket?"

Wes Peters                                              wes@softweyr.com



