Date: Tue, 8 Sep 2015 18:44:01 +0100 From: Igor Mozolevsky <igor@hybrid-lab.co.uk> To: Analysiser <analysiser@gmail.com> Cc: Hackers freeBSD <freebsd-hackers@freebsd.org> Subject: Re: Passphraseless Disk Encryption Options? Message-ID: <CADWvR2iv7xz02Fw9b=159%2BSMuphQGRKZsfyy9DDeqGMxn=p1BA@mail.gmail.com> In-Reply-To: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8 September 2015 at 18:22, Analysiser <analysiser@gmail.com> wrote: I=E2=80=99m trying to perform a whole disk encryption for my boot drive to = protect > its data at rest. However I would like to have a mac OS X-ish full disk > encryption that does not explicitly ask for a passphrase and would boot a= s > normal without manual input of passphrase. I tried to do it with geli(8) > but it seems there is no way I can avoid the manual interaction. Really > curious if there is a way to achieve it? Thanks! > Do you mean like DVD "encryption'? If you are able to decrypt the contents of the disk without something that only the person in front for the computer either has or knows then *anyone* would be able to decrypt it. What is the actual problem you're trying to solve? Remember that encryption is just a tool and not a solution- you need a good security protocol that will protect your data, and by the sound of it the protocol you propose (self-decrypting drive) is just broken. --=20 Igor M.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADWvR2iv7xz02Fw9b=159%2BSMuphQGRKZsfyy9DDeqGMxn=p1BA>