Automatic Geli?

Mon Apr 16 11:08:31 UTC 2012

Hello, Robert.
You wrote 12 апреля 2012 г., 20:24:25:

> It will stop those who can figure out how????  It's a file in the
> unencrypted portion of the image.  "extracting" would entail "geli
> attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0"

> There is no effort involved.  And they are not "bypassing the
> encryption" or "making offline access non-trivial".  They are "doing
> it wrong".

> I'm not sure that anything you said makes sense.
 It makes perfect sense. If you know only Windows and use this "cache"
CD in small office as some "black box", you cannot call "geli
attach". You could read CD and even unpack "tar.gz" but nothing more.
Any non-standard encryption, even with empty passphrase is adequate
protection in such cases.

-- 
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>


                                                                      t