Achim Patzner wrote:
article below. does anyone know how this affects eli/geli?

There's fairly little any disk crypto system can do to thoroughly defend
against this.

Hm. Strange. Serious hardware is very well suited to do that (usually
by adding well defended crypto hardware). Keys don't have to be stored
in unsafe places.

Since it hasn't been mentioned so far: There are hard disk drives that do encryption on the firmware level, so you don't have to store keys on the OS level.

While this doesn't solve the problem completely, it at least makes getting at the key much more difficult. You would have to somehow preserve and later get at the contents of the RAM inside the controller chip on the HDD PCB, and you probably can't risk throwing the entire HDD into liquid nitrogen because there is a good chance that it would be damaged afterwards.

Hitachi makes such drives, for instance (2.5" SATA models for notebooks). There the HDD password doubles as the encryption key, AFAIK. So if the data you carry around is really that sensitive, I would suggest considering that approach.

Regards,

   Uwe
--
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
