Date: Mon, 21 Dec 1998 08:53:55 -0800 From: Gregory Sutter <gsutter@pobox.com> To: Dag-Erling Smorgrav <des@flood.ping.uio.no>, security@FreeBSD.ORG Subject: Re: preventing single user login w/o password Message-ID: <19981221085355.A10360@orcrist.mediacity.com> In-Reply-To: <xzpww3lecjq.fsf@flood.ping.uio.no>; from Dag-Erling Smorgrav on Mon, Dec 21, 1998 at 04:32:09PM %2B0100 References: <199812211324.IAA27266@cc942873-a.ewndsr1.nj.home.com> <xzpww3lecjq.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 21, 1998 at 04:32:09PM +0100, Dag-Erling Smorgrav wrote: > > Janos Mohacsi wrote, > > > How can I prevent booting FreeBSD into the single user mode without > > > supplying either root or maybe different password? > > Well, you can translate physical access to the computer into physical > access to a more manageable item, such as a Java ring, if you use some > kind of hardware device which strongly encrypts your disks and keep > the encryption key on the Java ring. The idea is that you can't boot > the computer without the ring, and you can't decrypt the contents of > the disk drive without it either (not within reasonable amounts of > time, anyway). Okay, it's 8:45 AM, and I'm still tired, but the first thing that came into my mind was an actual ring that one wears upon a finger. Then I wondered about using that as a physical security key. It would be easy to put a small chip or 2 in a ring; the reader could be sitting in a 5.25" slot until cases are specially built for the device, which would be plugged into the motherboard and prevent all input or somesuch mechanism until the chip is detected. Now, I don't know much about the actual cryptography, but combining "something you have" with "something you know", such as a passphrase, could make for a good physical security system. Combine that with a sturdy, locked case and any intruder will have to take measures that will make their intrusion obvious. Greg -- Gregory S. Sutter Computing is a terminal addiction. mailto:gsutter@pobox.com http://www.pobox.com/~gsutter/ PGP DSS public key 0x40AE3052 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981221085355.A10360>