Date: Thu, 15 May 2003 23:23:52 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: Narvi <narvi@haldjas.folklore.ee>
Cc: Stalker <stalker@ents.za.net>
Subject: Re: Crypted Disk Question
Message-ID: <3EC483F8.A2E6E00@mindspring.com>
References: <20030515185823.X40030-100000@haldjas.folklore.ee>

Narvi wrote:
> Similarly, humans can be subverted and one can point a camera at the
> keyboard or log the emissions from it, thus capturing the password.

Yes. Security is only as strong as its weakest link. An automatic
system for entering a password into a disk that requires one for
its encryption to function is a really, really weak link.

> > > You could say have an expect script watching the serial console output and
> > > enter the key.
> >
> > And if you had sufficient physical access to the drive to
> > be able to read its raw data, then you have sufficient access
> > to capture the key entry by the other box by inserting a tap
> > and rebooting the box that needs the key on reboot.
>
> So?

So why are you using encryption on your disk at all, if it is
effectively tantamount to not being there?

> > The only reason for an encrypted drive, since once you are
> > logged in, and have entered the password, the drive is not
> > crypted, is fear about someone else with physical access to
> > the drive.
>
> Which is not at all the scenario (active attacker) you are describing as a
> proof that this is a stupid idea for all cases, even if it is meant to
> guard against accidental loss (misplaced box during office move or
> similar) or leak of sensitive information (patient records, whatever) as a
> result of a simple burglary.
>
> You might just as well claim GEOM is useless because they could always
> torture the password out of you - both views are equally meritless.

That's incorrect. If the password is in my head, a court order
isn't going to recover the data on the disk. If the password is
recoverable with a court order because a court order gives physical
proximity to the machine, then there is no reason to do it.

A dongle is only useful if what you are talking about is something
like a laptop. Even then, the operation is *not* "automated", as the
original poster was requesting: it requires the user to physically
attach the dongle when they are booting a laptop.

At that point, it becomes the moral equivalent of a lock and key...
which in no way gets rid of the act of applying the key to the lock,
and so in no way could be termed "automatically unlocking the lock".

If you go back and read the original question, it's pretty clear
that this is not the case they are talking about.

--
Terry