From owner-freebsd-questions@FreeBSD.ORG Tue Jan 18 00:14:48 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 741651065674 for ; Tue, 18 Jan 2011 00:14:48 +0000 (UTC) (envelope-from jon@radel.com) Received: from wave.radel.com (wave.radel.com [216.143.151.4]) by mx1.freebsd.org (Postfix) with ESMTP id F34B48FC0A for ; Tue, 18 Jan 2011 00:14:47 +0000 (UTC) Received: by wave.radel.com (CommuniGate Pro PIPE 4.1.6) with PIPE id 10017685; Mon, 17 Jan 2011 18:14:47 -0500 Received: from [192.168.43.221] (account jon@radel.com HELO braeburn.local) by wave.radel.com (CommuniGate Pro SMTP 4.1.6) with ESMTP-TLS id 10017683; Mon, 17 Jan 2011 18:14:32 -0500 Message-ID: <4D34CD58.4000808@radel.com> Date: Mon, 17 Jan 2011 18:14:32 -0500 From: Jon Radel User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Roland Smith References: <4D34A6EF.30600@alokat.org> <20110117225308.GA40523@slackbox.erewhon.net> In-Reply-To: <20110117225308.GA40523@slackbox.erewhon.net> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms090409090502030305040104" X-Radel.com-MailScanner-Information: Please contact Jon for more information X-Radel.com-MailScanner: Found to be clean X-Mailer: CommuniGate Pro CLI mailer X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: "freebsd-questions@freebsd.org" Subject: Re: harddrive encryption X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jan 2011 00:14:48 -0000 This is a cryptographically signed message in MIME format. --------------ms090409090502030305040104 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable On 1/17/11 5:53 PM, Roland Smith wrote: > Do not rely on a keyfile that resides on a disk in the machine (that wo= uld > make encryption futile)! Use a passphrase instead. > I'd think that depends on your use case. If you're encrypting removable = drives and then shipping them elsewhere, such as for off-site backup,=20 and you trust the physical security for the computer a lot more than you = trust the courier and/or storage site.... Of course, I would agree that that's probably not what the OP has in=20 mind. :-) --=20 --Jon Radel jon@radel.com --------------ms090409090502030305040104--