Date: Tue, 13 May 2003 20:14:34 -0700 From: Wes Peters <wes@softweyr.com> To: "Stalker" <stalker@ents.za.net>, <hackers@freebsd.org> Subject: Re: Crypted Disk Question Message-ID: <200305132014.34788.wes@softweyr.com> In-Reply-To: <000901c3199a$25d4d8f0$4206000a@stalker> References: <000901c3199a$25d4d8f0$4206000a@stalker>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 13 May 2003 14:53, Stalker wrote:
> Hi
>
> I would like to know if anyone has thought of or come up with a
> solution to this problem.
>
> With encrypted disks, when you mount them it requires you to enter a
> password, and im wondering if anyone has come up with a way that
> maintains the security, but also automates the process of entering
> the password. I know of scripts and that, but that still leaves the
> password in plain text. I was wondering if anyone has written a
> program to accomplish this, or if someone has thought of a better way
> to get around this problem, and still keep a high level of security
> while doing this.
>
> If someone has a idea of how to do this, i dont mind writing the
> program myself to do it, im just trying to find a decent way to do
> this.
I depends on the level of security you want. You could put the crypto
keys on a little USB dongle and leave that plugged into the computers;
in case of "emergency" you can yank the dongle and the powercord and
run. That's still not very secure, depending on how close the machines
are to your pillow. Any mechanism that can enter the keys
automagically can be used against you if it is captured "intact
enough."
A system that can come up into a running state and page you for a new
key, with some sort of remote re-keying capability, would be a better
design. I think RIM Blackberry can do this sort of back-and-forth with
a bit of development. The system in question would bring itself up far
enough to request and receive keys, then mount the encrypted
filesystems and continue once the keys are received. That would be a
fun system to design and make actually work. ;^)
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters wes@softweyr.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305132014.34788.wes>