Date:      Thu, 7 Sep 2006 13:06:12 -0400 (EDT)
From:      Matt Piechota <piechota@argolis.org>
To:        Frank Steinborn <steinex@nognu.de>
Cc:        freebsd-security@freebsd.org, freebsd-questions@freebsd.org, Nikos Vassiliadis <nvass@teledomenet.gr>
Subject:   Re: Getting GELI Keys from Floppy
Message-ID:  <20060907125622.G3820@acropolis.argolis.org>
In-Reply-To: <20060907122901.6205EB82C@shodan.nognu.de>
References:  <20060906210021.C2428B82C@shodan.nognu.de> <200609071019.46529.nvass@teledomenet.gr> <20060907122901.6205EB82C@shodan.nognu.de>

On Thu, 7 Sep 2006, Frank Steinborn wrote:

> I could use /dev/fd0 directly but then I had to use the same key for
> all 6 HDDs in the server. I got a solution by hacking /etc/rc.d/geli
> - I'm just mounting the floppy there before it tries to read the key.

You could read different parts of the floppy for different keys.

Speaking of which, do the keys have any identifiable strings in them?  If 
not, you could fill the floppy with random garbage and 'hide' the key. 
I'm assuming since you don't want a password you don't want the boot to 
require interaction so it's not that useful, but if nothing else it would 
help if someone got access to the floppy (remotely or by physical access).

-- 
Matt Piechota
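
The two suggestions in this message (one key per disk at a different position on the floppy, with the rest of the medium filled with random data) can be sketched as follows; this is an added example, not part of the original e-mail or of the FreeBSD rc scripts. The 64-byte key length, the one-key-per-sector layout, the function names and the device names in the comments are assumptions.

```shell
#!/bin/sh
# Added example: several GELI key files kept at different sectors of one
# floppy whose remaining space is random filler.
# Assumptions: keys are 64 raw random bytes (e.g. made with dd from
# /dev/random), and each key starts on a 512-byte sector boundary.

KEY_BYTES=64     # assumed key length
SECTOR=512       # floppy sector size

# make_image FILE SECTORS
# Fill FILE (a floppy image, or /dev/fd0 itself) with random bytes.
make_image() {
    dd if=/dev/urandom of="$1" bs="$SECTOR" count="$2" 2>/dev/null
}

# put_key FILE SECTOR_NO KEYFILE
# Overwrite the start of one sector with the key; conv=notrunc leaves the
# rest of the random filler in place.
put_key() {
    dd if="$3" of="$1" bs="$SECTOR" seek="$2" conv=notrunc 2>/dev/null
}

# read_key FILE SECTOR_NO
# Write the KEY_BYTES stored at the start of that sector to stdout.
read_key() {
    dd if="$1" bs="$KEY_BYTES" skip=$(( $2 * SECTOR / KEY_BYTES )) \
        count=1 2>/dev/null
}

# On the FreeBSD host the key can go straight to geli on stdin, so no
# mount is needed (sector and provider names are placeholders):
#   read_key /dev/fd0 1203 | geli attach -p -k - /dev/ad4
#   read_key /dev/fd0   77 | geli attach -p -k - /dev/ad6
```

The sector numbers then act as a second secret that has to live in the boot script, so this only helps against someone who obtains the floppy without also reading the host's configuration.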


