From owner-freebsd-geom@FreeBSD.ORG  Mon Apr 16 11:08:31 2012
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 42F16106564A
	for <freebsd-geom@freebsd.org>; Mon, 16 Apr 2012 11:08:31 +0000 (UTC)
	(envelope-from lev@FreeBSD.org)
Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru
	[46.4.40.135]) by mx1.freebsd.org (Postfix) with ESMTP id F2D188FC29
	for <freebsd-geom@freebsd.org>; Mon, 16 Apr 2012 11:08:30 +0000 (UTC)
Received: from lion.home.serebryakov.spb.ru (89.112.15.178.pppoe.eltel.net
	[89.112.15.178]) (Authenticated sender: lev@serebryakov.spb.ru)
	by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPA id CE44F4AC1C; 
	Mon, 16 Apr 2012 15:08:23 +0400 (MSK)
Date: Mon, 16 Apr 2012 15:08:21 +0400
From: Lev Serebryakov <lev@FreeBSD.org>
Organization: FreeBSD
X-Priority: 3 (Normal)
Message-ID: <103630107.20120416150821@serebryakov.spb.ru>
To: Robert Simmons <rsimmons0@gmail.com>
In-Reply-To: <CA+QLa9AVHELB+=BPZ611cu3v4vWxpKoFMe91Sdnk=0RtSB+MFw@mail.gmail.com>
References: <COL115-W4014B9D06091DFE170C09BA5370@phx.gbl>
	<20120411093458.GC1319@garage.freebsd.pl>
	<4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com>
	<CA+QLa9AVHELB+=BPZ611cu3v4vWxpKoFMe91Sdnk=0RtSB+MFw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-geom@freebsd.org
Subject: Re: Automatic Geli?
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: lev@FreeBSD.org
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2012 11:08:31 -0000

Hello, Robert.
You wrote 12 =E0=EF=F0=E5=EB=FF 2012 =E3., 20:24:25:

> It will stop those who can figure out how????  It's a file in the
> unencrypted portion of the image.  "extracting" would entail "geli
> attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0"

> There is no effort involved.  And they are not "bypassing the
> encryption" or "making offline access non-trivial".  They are "doing
> it wrong".

> I'm not sure that anything you said makes sense.
 It makes perfect sense. If you know only Windows and use this "cache"
CD in small office as some "black box", you cannot call "geli
attach". You could read CD and even unpack "tar.gz" but nothing more.
Any non-standard encryption, even with empty passphrase is adequate
protection in such cases.

--=20
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>







                                                                      t