From owner-freebsd-hackers@FreeBSD.ORG  Wed May 14 12:12:20 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 833C137B401
	for <hackers@freebsd.org>; Wed, 14 May 2003 12:12:20 -0700 (PDT)
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7CC4243F75
	for <hackers@freebsd.org>; Wed, 14 May 2003 12:12:19 -0700 (PDT)
	(envelope-from narvi@haldjas.folklore.ee)
Received: from haldjas.folklore.ee (localhost [127.0.0.1])
	by haldjas.folklore.ee (8.12.3/8.11.3) with ESMTP id h4EJC56U079970;
	Wed, 14 May 2003 22:12:06 +0300 (EEST)
	(envelope-from narvi@haldjas.folklore.ee)
Received: from localhost (narvi@localhost)h4EJC1vd079967;
	Wed, 14 May 2003 22:12:01 +0300 (EEST)
Date: Wed, 14 May 2003 22:12:01 +0300 (EEST)
From: Narvi <narvi@haldjas.folklore.ee>
To: Terry Lambert <tlambert2@mindspring.com>
In-Reply-To: <3EC1CFC4.368715F9@mindspring.com>
Message-ID: <20030514214341.T40030-100000@haldjas.folklore.ee>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: hackers@freebsd.org
cc: Stalker <stalker@ents.za.net>
Subject: Re: Crypted Disk Question
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 May 2003 19:12:20 -0000


On Tue, 13 May 2003, Terry Lambert wrote:

> Stalker wrote:
> > With encrypted disks, when you mount them it requires you to enter a
> > password, and im wondering if anyone has come up with a way that maintains
> > the security, but also automates the process of entering the password.
>
> You mean, so that if anyone who wanted to read your disk could
> just turn on your computer, and it would automate entering the
> password for them?
>
> 8-) 8-) 8-).
>
> The question boils down to "How does this automatic process know
> it's you, and not someone else, turning on the computer?".
>

Well, this is not entirely fair - a removed from server hard disk would in
the scenario still remain locked and data inacessible. Similarily, for the
removal of the server, say using an iButton or USB drive or similar that
is needed to unlock the data but would be kept separately.

You could say have an expect script watching the serial console output and
enter the key. Another way would be having the server establishing a ssh
session to a machine to get the key. it really depends on what kinds of
reasons the encryption is being used for and whats the spectrum of
allowable tradeoffs.

> Maybe it could have you enter a password... 8-) 8-O.
>
> -- Terry
>