On Thu, Oct 25, 2007 at 12:46:53AM +0800, Daniel Marsh wrote:
> Even if all data on a drive is encrypted, the partition table is not.
> Software based disk encryption works on partitions.

That's not true. One can configure full disk encryption using GELI. To do
it you need to have a small USB pen-drive or CD-ROM with /boot/ directory,
but that's all you need. Then you actually boot from your unencrypted
pen-drive, but mount all file systems from encrypted disk. The pen-drive is
not needed for your system to run and you can easily take it with you,
which is not always the case for your laptop.

> How far into the boot sequence do you get before your system crashes without
> the key present?
> I would assume as far as reading the / partition to get the kernel etc...
>
> It would have read the partition table and the boot loader, known which
> partition was the "active" partition and tried booting it.
>
> Now, to identify what OS this disk has on it you can check the partition
> table and see what "type" has been set for each slice/partition.
> You will be able to see that there is a BSD style slice on the disk just by
> running `fdisk /dev/mystolendiskdevice`
> You now know it's a BSD OS, you could then make a guess as to what version
> of BSD by the type of machine it was taken from, based on what hardware is
> supported by each BSD.
>
> I believe their slices and layout are identical but the file systems differ.
>
> The person with your disk could then start trying to determine what kind of
> disk encryption is in place.

That's all irrelevant. Security of GELI (or any sane cryptographic system)
doesn't depend on secrecy of algorithms used.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
[EMAIL PROTECTED]                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
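The layout Pawel describes above (the whole internal disk is a GELI provider; the only unencrypted component is a bootable pen-drive carrying /boot) written out as shell, following the flags and loader variables documented in geli(8). This is an added example, not code from the original message or from the FreeBSD project. The device names ad0 (internal disk) and da0 (pen-drive, bootable UFS on da0a), the key path /boot/keys/ad0.key, the mount points and the 4096-byte sector size are assumptions for illustration. Only the two helpers that emit configuration lines run as written; geli_setup_fde wipes the disk and is meant to be run by hand, as root, from a system booted off other media.

```shell
#!/bin/sh
# Added example: GELI full-disk encryption with /boot on a removable
# pen-drive. Assumed names: ad0 = internal disk, da0 = pen-drive with a
# bootable UFS on da0a, key file at /boot/keys/ad0.key on the pen-drive.
# geli_setup_fde is destructive, needs root and is never called here.

# /boot/loader.conf fragment for the pen-drive: load geom_eli, have the
# loader read the key file, and let the kernel attach the provider before
# the root file system is mounted (requires geli init -b on the provider).
# Variable names follow the geli(8) example.
geli_loader_conf() {
    prov=$1      # provider name without /dev/, e.g. ad0
    keyfile=$2   # path on the pen-drive, e.g. /boot/keys/ad0.key
    cat <<EOF
geom_eli_load="YES"
geli_${prov}_keyfile0_load="YES"
geli_${prov}_keyfile0_type="${prov}:geli_keyfile0"
geli_${prov}_keyfile0_name="${keyfile}"
EOF
}

# /etc/fstab line on the encrypted root: / is mounted from the decrypted
# provider (ad0.eli), never from the raw disk, so nothing on ad0 is in
# the clear, not even a partition table.
geli_fstab_line() {
    printf '/dev/%s.eli\t/\tufs\trw\t1\t1\n' "$1"
}

# One-time setup. Wipes $disk. Assumed mount points: /media/pen for the
# pen-drive, /mnt for the new encrypted root.
geli_setup_fde() {
    disk=$1                        # e.g. ad0
    pen=$2                         # e.g. da0 (bootable slice is ${pen}a)
    keyfile=/boot/keys/${disk}.key # path relative to the pen-drive root

    mkdir -p /media/pen
    mount "/dev/${pen}a" /media/pen || return 1
    mkdir -p /media/pen/boot/keys

    # 64 random bytes as the key-file component. geli still asks for a
    # passphrase (no -P given), so the pen-drive alone cannot decrypt ad0.
    dd if=/dev/random of="/media/pen${keyfile}" bs=64 count=1
    chmod 600 "/media/pen${keyfile}"

    # -b: attach at boot before root is mounted; -K: key file;
    # -s 4096: larger crypto sector, fewer operations per I/O.
    geli init -b -s 4096 -K "/media/pen${keyfile}" "/dev/${disk}" || return 1

    # The GELI metadata sits in the last sector of the disk; if it is
    # overwritten the data is gone, so keep a copy next to the key.
    geli backup "/dev/${disk}" "/media/pen/boot/keys/${disk}.eli-metadata"

    geli attach -k "/media/pen${keyfile}" "/dev/${disk}" || return 1
    newfs "/dev/${disk}.eli"
    mount "/dev/${disk}.eli" /mnt

    # Install the base system into /mnt here (not shown), then wire up
    # the two configuration files on their respective media.
    mkdir -p /mnt/etc
    geli_fstab_line "${disk}" >> /mnt/etc/fstab
    geli_loader_conf "${disk}" "${keyfile}" >> /media/pen/boot/loader.conf

    umount /mnt
    geli detach "/dev/${disk}"
    umount /media/pen
}
```

After the first boot from the pen-drive, the running system reads nothing further from it, so it can be unplugged and carried separately from the laptop. Someone who only has the laptop sees a disk with no partition table and no recognisable file system, just ciphertext plus the GELI metadata in the last sector, and as Pawel says, knowing that it is GELI tells the attacker nothing useful: the key material is the 64-byte file on the pen-drive combined with the passphrase the kernel prompts for at boot. Keep the `geli backup` copy somewhere safe; it is the one piece whose loss (together with the on-disk copy) makes the data unrecoverable even with the key.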