Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 16 Apr 2012 15:08:21 +0400
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        Robert Simmons <rsimmons0@gmail.com>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: Automatic Geli?
Message-ID:  <103630107.20120416150821@serebryakov.spb.ru>
In-Reply-To: <CA%2BQLa9AVHELB%2B=BPZ611cu3v4vWxpKoFMe91Sdnk=0RtSB%2BMFw@mail.gmail.com>
References:  <COL115-W4014B9D06091DFE170C09BA5370@phx.gbl> <20120411093458.GC1319@garage.freebsd.pl> <4f864bb4.Q7/highsGaOoTKF6%perryh@pluto.rain.com> <CA%2BQLa9AVHELB%2B=BPZ611cu3v4vWxpKoFMe91Sdnk=0RtSB%2BMFw@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Robert.
You wrote 12 =E0=EF=F0=E5=EB=FF 2012 =E3., 20:24:25:

> It will stop those who can figure out how????  It's a file in the
> unencrypted portion of the image.  "extracting" would entail "geli
> attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0"

> There is no effort involved.  And they are not "bypassing the
> encryption" or "making offline access non-trivial".  They are "doing
> it wrong".

> I'm not sure that anything you said makes sense.
 It makes perfect sense. If you know only Windows and use this "cache"
CD in small office as some "black box", you cannot call "geli
attach". You could read CD and even unpack "tar.gz" but nothing more.
Any non-standard encryption, even with empty passphrase is adequate
protection in such cases.

--=20
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>







                                                                      t




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?103630107.20120416150821>