From owner-freebsd-hackers@freebsd.org Tue Sep 8 19:52:33 2015 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A7F4A00EF2 for ; Tue, 8 Sep 2015 19:52:33 +0000 (UTC) (envelope-from hodges.org@gmail.com) Received: from mail-ig0-x22d.google.com (mail-ig0-x22d.google.com [IPv6:2607:f8b0:4001:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C6F8E1C95 for ; Tue, 8 Sep 2015 19:52:32 +0000 (UTC) (envelope-from hodges.org@gmail.com) Received: by igcrk20 with SMTP id rk20so83387325igc.1 for ; Tue, 08 Sep 2015 12:52:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=2zcbMRAdzhWczwZaXCCdViRp0wwBQ/MPh0rdFCtdzLY=; b=e1AEBAQvf1aDZlLpsi0ImliN2IPZDIL6a4AHOgLolJyRy2WncZyzkKLRXtnywQ4re/ aS1VmmStkJBXU97lN3i5YhU86/nST20qm7yMp5IscUYt2SM/fBxpiwh3EdZVBmZVShPt efOAyjFmE3wt1b76gDz0JCiKnkYgLTZpSAacerXSDCGNkuI8jUeBb05HIVAkeNQ8CneA keUe82seSAjWvtShjCVDiNlKxfLYUIf/ylWUhXnRfLb22AYOC0AsVIQBgst94JaH0Mtv y+sTgb3C7zjrF3bsIri7tHRcfCg8zCZyUKKBfKLzcW+Bn3VimA1CvpUy/zj2X3QJg7v3 R9Hw== X-Received: by 10.50.50.198 with SMTP id e6mr44444098igo.13.1441741952101; Tue, 08 Sep 2015 12:52:32 -0700 (PDT) Received: from lark.hodges.org (mobile-166-187-231-224.mycingular.net. [166.187.231.224]) by smtp.gmail.com with ESMTPSA id n14sm2917261ioi.15.2015.09.08.12.52.30 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 08 Sep 2015 12:52:30 -0700 (PDT) Sender: Richard Hodges From: Richard Hodges To: freebsd-hackers@freebsd.org, "Li, Xiao" Subject: Re: Passphraseless Disk Encryption Options? Date: Tue, 8 Sep 2015 13:52:24 -0600 User-Agent: KMail/1.13.5 (FreeBSD/8.1-RELEASE; KDE/4.4.5; amd64; ; ) Cc: Igor Mozolevsky , Analysiser References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> In-Reply-To: MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message-Id: <201509081352.25700.richard@hodges.org> X-Mailman-Approved-At: Tue, 08 Sep 2015 20:39:49 +0000 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Sep 2015 19:52:33 -0000 On Tuesday 08 September 2015,"Li, Xiao via freebsd-hackers" =20 wrote: > Agreed, that=B9s why I=B9m stuck in here: it seems like something either > unachievable or haven=B9t been done before.=20 The decryption key has to come from somewhere. Usually someone types it in,= but they key=20 could be on removable media, like a USB memory stick, a CD ROM, floppy, etc. I think you hinted at secure boot. Do you trust the security of the motherb= oard? But if=20 someone steals your hard drives, can't they also steal your other hardware? It might be interesting to think about an external key, such as in a USB st= ick, that could=20 be set to self-destruct (eg, overvoltage) coupled with a tamper sensor. If you could describe your threat model in more detail, and tell exactly wh= at parts are=20 trusted, someone might have a helpful idea. =2DRichard