Date:      Thu, 15 May 2003 23:23:52 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Narvi <narvi@haldjas.folklore.ee>
Cc:        Stalker <stalker@ents.za.net>
Subject:   Re: Crypted Disk Question
Message-ID:  <3EC483F8.A2E6E00@mindspring.com>
References:  <20030515185823.X40030-100000@haldjas.folklore.ee>

Narvi wrote:
> Similarly, humans can be subverted and one can point a camera at the
> keyboard or log the emissions from it, thus capturing the password.

Yes.  Security is only as strong as its weakest link.  An
automatic system for entering a password into a disk that
requires one for its encryption to function is a really,
really weak link.

> > > You could say have an expect script watching the serial console output and
> > > enter the key.
> >
> > And if you had sufficient physical access to the drive to
> > be able to read its raw data, then you have sufficient access
> > to capture the key entry by the other box by inserting a tap
> > and rebooting the box that needs the key on reboot.
> 
> So?

So why are you using encryption on your disk at all, if it
is effectively tantamount to not being there?


> > The only reason for an encrypted drive, since once you are
> > logged in, and have entered the password, the drive is not
> > crypted, is fear about someone else with physical access to
> > the drive.
> 
> Which is not at all the scenario (active attacker) you are describing as a
> proof that this is a stupid idea for all cases, even if it is meant to
> guard against accidental loss (misplaced box during office move or
> similar) or leak of sensitive information (patient records, whatever) as a
> result of a simple burglary.
> 
> You might just as well claim GEOM is useless because they could always
> torture the password out of you - both views are equally meritless.

That's incorrect.  If the password is in my head, a court
order isn't going to recover the data on the disk.  If the
password is recoverable with a court order because a court
order gives physical proximity to the machine, then there is
no reason to do it.

A dongle is only useful if what you are talking about is
something like a laptop.  Even then, the operation is *not*
"automated", as the original poster was requesting: it
requires the user to physically attach the dongle when they
are booting a laptop.  At that point, it becomes the moral
equivalent of a lock and key... which in no way gets rid of
the act of applying the key to the lock, and so in no way
could be termed "automatically unlocking the lock".

If you go back and read the original question, it's pretty
clear that this is not the case they are talking about.

-- Terry


