Passphraseless Disk Encryption Options?
Perry Hutchison
perryh at pluto.rain.com
Tue Sep 8 20:15:22 UTC 2015

Xiao Li wrote:

> I'm trying to protect a headless device that has FreeBSD installed
> on it. There is no usb/video input, only NIC and power are exposed.
> And I'm trying to protect its bootable drive.

I think this is fundamentally impossible* to do, with any real
security. It is like stashing a key to your house somewhere in
the barn: you think no one else knows where that key is, but
anyone who figures out what you've done can get in.

In Apple's scheme, at least the house key is in a lockbox -- the
login password is the key to the lockbox -- but even there the
hard drive encryption is ultimately only as strong as the login
password.

* Granted, statements like this carry some risk of ending up in
the same category as "There is no reason for anyone to have a
home computer" (Gordon Bell), or "No one should ever need more
than 640K of main memory" (Bill Gates).

More information about the freebsd-hackers mailing list