Date: Wed, 11 Apr 2012 20:27:48 -0700 From: perryh@pluto.rain.com To: pjd@freebsd.org Cc: fa-h-2007@hotmail.com, freebsd-geom@freebsd.org Subject: Re: Automatic Geli? Message-ID: <4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com> In-Reply-To: <20120411093458.GC1319@garage.freebsd.pl> References: <COL115-W4014B9D06091DFE170C09BA5370@phx.gbl> <20120411093458.GC1319@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Pawel Jakub Dawidek <pjd@freebsd.org> wrote: > If they distribute encrypted image that actually works, it means > they distribute the key along with the image. As was already noted > this serves no purpose, as you can extract the key from the image > and decrypt the whole thing on your own. s/serves no purpose/provides no real security/ It will stop those who can't figure out _how_ to extract the key from the image, and it will deter those whose interest in bypassing the encryption is not strong enough to justify the effort. Making offline access non-trivial might also have legal implications in some jurisdictions, since having gone to the trouble of extracting the key would impair the credibility of a subsequent assertion that any improprieties had been inadvertent.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4f864bb4.Q7/highsGaOoTKF6%perryh>