ATA security commands, bug in atacontrol

[ALeine]

julian at elischer.org wrote: 

> And while travelling, someone pickpockets you and takes the
> flash drive where you stored the key.

I never said you would store the password on the USB flash drive,
that drive is meant to serve mainly for booting FreeBSD. Secure
password storage is another issue altogether, but it is obvious
that relying on the USB flash drive alone for password storage
would create a single point of failure with a very serious impact
as you could end up not being able to use the drive(s) yourself.
If one were to store the password there, it would be advisable to
encrypt it first and to also store a (possibly fragmented) copy
in other locations, such as your own memory, remote machines, etc.

But let's assume that you did store the unencrypted password on the
USB flash drive. The pickpocket would have no use for the password
unless you also stored your full name, address and a detailed
description of what the password is for along with the password. :-)
Even in that case it would be unlikely that a total stranger would
travel all the way to your house (assuming you do not vacation locally)
just to steal your drives. If you believe there are people who are so
determined to get to your data (and not just your drives) that they
have the resources and the determination to follow you on vacation
and steal your USB flash drive, then it would be safe to assume that
you would also take precautions to encrypt your drive(s) with GBDE or
similar beforehand and that you would also not store sensitive GBDE
information (passphrase, lock sectors, ...) on the same USB flash disk
where you decided to store a copy of the disk password(s).

ALeine
___________________________________________________________________
WebMail FREE http://mail.austrosearch.net