Date: Wed, 14 May 2003 22:12:01 +0300 (EEST)
From: Narvi
To: Terry Lambert
cc: hackers@freebsd.org
cc: Stalker
Subject: Re: Crypted Disk Question
In-Reply-To: <3EC1CFC4.368715F9@mindspring.com>
Message-ID: <20030514214341.T40030-100000@haldjas.folklore.ee>

On Tue, 13 May 2003, Terry Lambert wrote:

> Stalker wrote:
> > With encrypted disks, when you mount them it requires you to enter a
> > password, and I'm wondering if anyone has come up with a way that maintains
> > the security, but also automates the process of entering the password.
>
> You mean, so that if anyone who wanted to read your disk could
> just turn on your computer, and it would automate entering the
> password for them?
>
> 8-) 8-) 8-).
>
> The question boils down to "How does this automatic process know
> it's you, and not someone else, turning on the computer?".
>

Well, this is not entirely fair - a hard disk removed from the server
would in the scenario still remain locked and the data inaccessible.
Similarly, for the removal of the server, say using an iButton or USB
drive or similar that is needed to unlock the data but would be kept
separately.

You could, say, have an expect script watching the serial console output
and enter the key. Another way would be having the server establish
an ssh session to a machine to get the key.

It really depends on what kinds of reasons the encryption is being used
for and what's the spectrum of allowable tradeoffs.

> Maybe it could have you enter a password... 8-) 8-O.
>
> -- Terry
>