Date: Tue, 8 Sep 2015 13:52:24 -0600 From: Richard Hodges <richard@hodges.org> To: freebsd-hackers@freebsd.org, "Li, Xiao" <xaol@amazon.com> Cc: Igor Mozolevsky <igor@hybrid-lab.co.uk>, Analysiser <analysiser@gmail.com> Subject: Re: Passphraseless Disk Encryption Options? Message-ID: <201509081352.25700.richard@hodges.org> In-Reply-To: <D2147761.1A53%xaol@amazon.com> References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> <CADWvR2iVubsBQjnvQ8mDGGS7ujsR8wPQ2RAxn=kvFkmVGQkXiQ@mail.gmail.com> <D2147761.1A53%xaol@amazon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 08 September 2015,"Li, Xiao via freebsd-hackers" <freebsd-hacker= s@freebsd.org>=20 wrote: > Agreed, that=B9s why I=B9m stuck in here: it seems like something either > unachievable or haven=B9t been done before.=20 The decryption key has to come from somewhere. Usually someone types it in,= but they key=20 could be on removable media, like a USB memory stick, a CD ROM, floppy, etc. I think you hinted at secure boot. Do you trust the security of the motherb= oard? But if=20 someone steals your hard drives, can't they also steal your other hardware? It might be interesting to think about an external key, such as in a USB st= ick, that could=20 be set to self-destruct (eg, overvoltage) coupled with a tamper sensor. If you could describe your threat model in more detail, and tell exactly wh= at parts are=20 trusted, someone might have a helpful idea. =2DRichard
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201509081352.25700.richard>