Date: Fri, 28 Nov 2003 20:01:43 +0100
From: Wilko Bulte
To: Poul-Henning Kamp
cc: freebsd-hackers@freebsd.org
Message-ID: <20031128190143.GA31702@freebie.xs4all.nl>
In-Reply-To: <7304.1070019810@critter.freebsd.dk>
References: <200311280014.49356.wes@softweyr.com> <7304.1070019810@critter.freebsd.dk>
Subject: Re: "secure" file flag?

On Fri, Nov 28, 2003 at 12:43:30PM +0100, Poul-Henning Kamp wrote:
> In message <200311280014.49356.wes@softweyr.com>, Wes Peters writes:
>
> >If you want an interesting problem to work on, come up with a solution to
> >the keying problem for disk encryption. It somehow needs to allow
> >automated, unattended reboots during "normal" operations but prevent
> >attackers from compromising the system. Maybe you could have the system
> >send an SMS message when it needs a key, you reply with a one-time key
> >from your mobile phone?
>
> I have already described one solution to this in my GBDE paper at
> BSDcon.

...

> Now *that* is a DIY project for the dedicated hobbyist :-)
>
> The terminology and principle, is from atomic weapons which have a
> similar security profile:
> http://nuclearweaponarchive.org/Usa/Weapons/Pal.html

Your interests sometimes worry me... ;-)

--
|   / o / /_  _
|/|/ / / /( (_)  Bulte  wilko@FreeBSD.org