Date: Thu, 12 Apr 2012 12:24:25 -0400
From: Robert Simmons <rsimmons0@gmail.com>
To: freebsd-geom@freebsd.org
Subject: Re: Automatic Geli?
Message-ID: <CA%2BQLa9AVHELB%2B=BPZ611cu3v4vWxpKoFMe91Sdnk=0RtSB%2BMFw@mail.gmail.com>
In-Reply-To: <4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com>
References: <COL115-W4014B9D06091DFE170C09BA5370@phx.gbl> <20120411093458.GC1319@garage.freebsd.pl> <4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com>

On Wed, Apr 11, 2012 at 11:27 PM, <perryh@pluto.rain.com> wrote:
> Pawel Jakub Dawidek <pjd@freebsd.org> wrote:
>
>> If they distribute encrypted image that actually works, it means
>> they distribute the key along with the image. As was already noted
>> this serves no purpose, as you can extract the key from the image
>> and decrypt the whole thing on your own.
>
> s/serves no purpose/provides no real security/
>
> It will stop those who can't figure out _how_ to extract the key
> from the image, and it will deter those whose interest in bypassing
> the encryption is not strong enough to justify the effort. Making
> offline access non-trivial might also have legal implications in
> some jurisdictions, since having gone to the trouble of extracting
> the key would impair the credibility of a subsequent assertion that
> any improprieties had been inadvertent.

It will stop those who can figure out how???? It's a file in the
unencrypted portion of the image. "extracting" would entail "geli
attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0"

There is no effort involved. And they are not "bypassing the
encryption" or "making offline access non-trivial". They are "doing
it wrong".

I'm not sure that anything you said makes sense.