Date: Mon, 4 Apr 2005 17:36:35 -0700 (PDT)
Message-Id: <200504050036.j350aZj2007718@marlena.vvi.at>
To: julian@elischer.org
From: "ALeine"
cc: craig@tobuj.gank.org
cc: sos@DeepCore.dk
cc: freebsd-hackers@freebsd.org
Subject: Re: ATA security commands, bug in atacontrol

julian@elischer.org wrote:

> And while travelling, someone pickpockets you and takes the
> flash drive where you stored the key.

I never said you would store the password on the USB flash drive; that drive is meant to serve mainly for booting FreeBSD. Secure password storage is another issue altogether, but it is obvious that relying on the USB flash drive alone for password storage would create a single point of failure with a very serious impact as you could end up not being able to use the drive(s) yourself.
If one were to store the password there, it would be advisable to encrypt it first and to also store a (possibly fragmented) copy in other locations, such as your own memory, remote machines, etc.

But let's assume that you did store the unencrypted password on the USB flash drive. The pickpocket would have no use for the password unless you also stored your full name, address and a detailed description of what the password is for along with the password. :-) Even in that case it would be unlikely that a total stranger would travel all the way to your house (assuming you do not vacation locally) just to steal your drives.

If you believe there are people who are so determined to get to your data (and not just your drives) that they have the resources and the determination to follow you on vacation and steal your USB flash drive, then it would be safe to assume that you would also take precautions to encrypt your drive(s) with GBDE or similar beforehand and that you would also not store sensitive GBDE information (passphrase, lock sectors, ...) on the same USB flash disk where you decided to store a copy of the disk password(s).

ALeine