Automatic Geli?

Robert Simmons rsimmons0 at gmail.com
Mon Apr 16 23:26:42 UTC 2012


On Mon, Apr 16, 2012 at 7:08 AM, Lev Serebryakov <lev at freebsd.org> wrote:
> Hello, Robert.
> You wrote on April 12, 2012, 20:24:25:
>
>> It will stop those who can figure out how????  It's a file in the
>> unencrypted portion of the image.  "extracting" would entail "geli
>> attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0"
>
>> There is no effort involved.  And they are not "bypassing the
>> encryption" or "making offline access non-trivial".  They are "doing
>> it wrong".
>
>> I'm not sure that anything you said makes sense.
>  It makes perfect sense. If you know only Windows and use this "cache"
> CD in a small office as some "black box", you cannot call "geli
> attach". You could read the CD and even unpack the "tar.gz", but nothing more.
> Any non-standard encryption, even with an empty passphrase, is adequate
> protection in such cases.

Not intelligent.  If it is meant as a cache in this case, and geli
lets you set up a provider with a one-time key for precisely this exact
purpose, then using the software incorrectly is stupid.

And, no, it's not adequate protection to use a blank passphrase.  That
too is stupid.  You're making a bad argument.


More information about the freebsd-geom mailing list