Date:      Thu, 15 May 2003 02:15:55 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Narvi <narvi@haldjas.folklore.ee>
Cc:        Stalker <stalker@ents.za.net>
Subject:   Re: Crypted Disk Question
Message-ID:  <3EC35ACB.BFA5DE86@mindspring.com>
References:  <20030514214341.T40030-100000@haldjas.folklore.ee>

Narvi wrote:
> > The question boils down to "How does this automatic process know
> > it's you, and not someone else, turning on the computer?".
> 
> Well, this is not entirely fair - a hard disk removed from the server would in
> the scenario still remain locked and data inaccessible. Similarly, for the
> removal of the server, say using an iButton or USB drive or similar that
> is needed to unlock the data but would be kept separately.

Anything that doesn't require a human to intervene can be
subverted.  If there are people with sufficient physical
access to the disk that it needs to have its contents
encrypted in the first place, then they have sufficient
physical access to put a breakout between the computer and
any serial or USB or other dongle you can name.

> You could, say, have an expect script watching the serial console output and
> enter the key.

And if you had sufficient physical access to the drive to
be able to read its raw data, then you have sufficient access
to capture the key entry by the other box by inserting a tap
and rebooting the box that needs the key on reboot.

> Another way would be having the server establishing a ssh
> session to a machine to get the key.

If the ssh is automatic, either because of symmetric key
distribution, or because your passphrase is blank... then,
again, it's easy to intercept the exchange.  If it's safe
from this, then it requires a human to enter a passphrase,
and you are back to the original problem.

> It really depends on what kinds of reasons the encryption
> is being used for and what's the spectrum of allowable tradeoffs.

The only reason for an encrypted drive, since once you are
logged in, and have entered the password, the drive is not
crypted, is fear about someone else with physical access to
the drive.

-- Terry



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EC35ACB.BFA5DE86>