From: Igor Mozolevsky
Date: Tue, 8 Sep 2015 18:44:01 +0100
Subject: Re: Passphraseless Disk Encryption Options?
To: Analysiser
Cc: Hackers freeBSD

On 8 September 2015 at 18:22, Analysiser wrote:

> I'm trying to perform a whole disk encryption for my boot drive to protect
> its data at rest. However I would like to have a Mac OS X-ish full disk
> encryption that does not explicitly ask for a passphrase and would boot as
> normal without manual input of passphrase. I tried to do it with geli(8)
> but it seems there is no way I can avoid the manual interaction. Really
> curious if there is a way to achieve it? Thanks!

Do you mean like DVD "encryption"? If you are able to decrypt the contents of the disk without something that only the person in front of the computer either has or knows then *anyone* would be able to decrypt it.

What is the actual problem you're trying to solve? Remember that encryption is just a tool and not a solution - you need a good security protocol that will protect your data, and by the sound of it the protocol you propose (self-decrypting drive) is just broken.

--
Igor M.