From owner-freebsd-geom@FreeBSD.ORG  Wed Apr 11 20:38:40 2012
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 5F81B1065674;
	Wed, 11 Apr 2012 20:38:40 +0000 (UTC)
	(envelope-from perryh@pluto.rain.com)
Received: from agora.rdrop.com (unknown [IPv6:2607:f678:1010::34])
	by mx1.freebsd.org (Postfix) with ESMTP id 3902D8FC0A;
	Wed, 11 Apr 2012 20:38:40 +0000 (UTC)
Received: from agora.rdrop.com (66@localhost [127.0.0.1])
	by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id q3BKcdQq008047
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Wed, 11 Apr 2012 13:38:39 -0700 (PDT)
	(envelope-from perryh@pluto.rain.com)
Received: (from uucp@localhost)
	by agora.rdrop.com (8.13.1/8.14.2/Submit) with UUCP id q3BKcdoc008046; 
	Wed, 11 Apr 2012 13:38:39 -0700 (PDT)
	(envelope-from perryh@pluto.rain.com)
Received: from fbsd81 ([192.168.200.81]) by pluto.rain.com
	(4.1/SMI-4.1-pluto-M2060407) id AA01056; Wed, 11 Apr 12 13:28:54 PDT
Date: Wed, 11 Apr 2012 20:27:48 -0700
From: perryh@pluto.rain.com
To: pjd@freebsd.org
Message-Id: <4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com>
References: <COL115-W4014B9D06091DFE170C09BA5370@phx.gbl>
	<20120411093458.GC1319@garage.freebsd.pl>
In-Reply-To: <20120411093458.GC1319@garage.freebsd.pl>
User-Agent: nail 11.25 7/29/05
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: fa-h-2007@hotmail.com, freebsd-geom@freebsd.org
Subject: Re: Automatic Geli?
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2012 20:38:40 -0000

Pawel Jakub Dawidek <pjd@freebsd.org> wrote:

> If they distribute encrypted image that actually works, it means
> they distribute the key along with the image. As was already noted
> this serves no purpose, as you can extract the key from the image
> and decrypt the whole thing on your own.

s/serves no purpose/provides no real security/

It will stop those who can't figure out _how_ to extract the key
from the image, and it will deter those whose interest in bypassing
the encryption is not strong enough to justify the effort.  Making
offline access non-trivial might also have legal implications in
some jurisdictions, since having gone to the trouble of extracting
the key would impair the credibility of a subsequent assertion that
any improprieties had been inadvertent.