Passphraseless Disk Encryption Options?
Richard Hodges
richard at hodges.org
Tue Sep 8 19:52:33 UTC 2015
On Tuesday 08 September 2015,"Li, Xiao via freebsd-hackers" <freebsd-hackers at freebsd.org>
wrote:
> Agreed, that¹s why I¹m stuck in here: it seems like something either
> unachievable or haven¹t been done before.
The decryption key has to come from somewhere. Usually someone types it in, but they key
could be on removable media, like a USB memory stick, a CD ROM, floppy, etc.
I think you hinted at secure boot. Do you trust the security of the motherboard? But if
someone steals your hard drives, can't they also steal your other hardware?
It might be interesting to think about an external key, such as in a USB stick, that could
be set to self-destruct (eg, overvoltage) coupled with a tamper sensor.
If you could describe your threat model in more detail, and tell exactly what parts are
trusted, someone might have a helpful idea.
-Richard
More information about the freebsd-hackers
mailing list