Date: Mon, 13 Mar 2023 06:45:43 +0100
From: Ralf Mardorf <ralf-mardorf@riseup.net>
To: questions@freebsd.org
Subject: Re: geli encryption on server
Message-ID: <14aa1e4595dee522437202d34d2e73614aa42bac.camel@riseup.net>
In-Reply-To: <20230312233648.15753eed.freebsd@edvax.de>
References: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> <20230312233648.15753eed.freebsd@edvax.de>

On Sun, 2023-03-12 at 23:36 +0100, Polytropon wrote:
> However, you _can_ use this approach with storing the keyfile
> on a USB stick and remove it when the system has been started.

Since USB sticks are not reliable, backing up the key is required, but copies of keys lower security. While SanDisk Extreme PRO SD cards are reliable, I wouldn't trust the reliability.

Btw. I already lost keys to decrypt emails out of sloppiness, IOW sometimes users aren't reliable, too. Not to mention that sometimes, though rarely, I don't know my bank card's 4-digit PIN at the supermarket checkout. Then I wish I had written them on the card ;D.

Security measures are a double-edged sword. Useless when done wrong, but a pitfall when done right.