Automatic Geli?
perryh at pluto.rain.com
perryh at pluto.rain.com
Wed Apr 11 20:38:40 UTC 2012
Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
> If they distribute encrypted image that actually works, it means
> they distribute the key along with the image. As was already noted
> this serves no purpose, as you can extract the key from the image
> and decrypt the whole thing on your own.
s/serves no purpose/provides no real security/
It will stop those who can't figure out _how_ to extract the key
from the image, and it will deter those whose interest in bypassing
the encryption is not strong enough to justify the effort. Making
offline access non-trivial might also have legal implications in
some jurisdictions, since having gone to the trouble of extracting
the key would impair the credibility of a subsequent assertion that
any improprieties had been inadvertent.
More information about the freebsd-geom
mailing list