> Hello Thomas,
>
> as Jeroen already said, the problem with this is that if they steal only the
> hard-drive, the data should be safe. Instead, if they steal the > whole
> server (which is somewhat harder, but not impossible), they only need it to
> boot and the BIOS would decrypt the data for the attacker.
Hello Jonas, Thomas,
Actually, I beg to differ. I've both heard of and experienced situations where
a server room was raided by criminals in which cases almost all systems were
taken - lock, stock and barrel. I've never heard of or experienced situations
where only the hard disk of a server was removed/stolen (at least not in
situations where the server was a production server which was correctly housed
in a purpose build server room).
From that point of view, I would strongly advise against using any technique
where the credentials required for decrypting/accessing the encrypted content
are stored on the same system. I cannot fathom a serious threat model in which
case this concept offers significant levels of security. In most cases if not
all it will give a false sense of security, the worst kind of all.
A setup using Mandos in combination with LUKS would be preferable - although in
that case it would be advisable to have the Mandos server located in another
building from the actual servers. Otherwise there is the risk of the Mandos
server being stolen together with the server(s) it helps secure.
Rgds,
Jeroen
