On Wed, Apr 11, 2012 at 11:27 PM, <[email protected]> wrote:
> Pawel Jakub Dawidek <[email protected]> wrote:
>
>> If they distribute an encrypted image that actually works, it means
>> they distribute the key along with the image. As was already noted
>> this serves no purpose, as you can extract the key from the image
>> and decrypt the whole thing on your own.
>
> s/serves no purpose/provides no real security/
>
> It will stop those who can't figure out _how_ to extract the key
> from the image, and it will deter those whose interest in bypassing
> the encryption is not strong enough to justify the effort. Making
> offline access non-trivial might also have legal implications in
> some jurisdictions, since having gone to the trouble of extracting
> the key would impair the credibility of a subsequent assertion that
> any improprieties had been inadvertent.

It will stop those who can figure out how???? It's a file in the
unencrypted portion of the image. "extracting" would entail

"geli attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0"

There is no effort involved. And they are not "bypassing the
encryption" or "making offline access non-trivial". They are "doing it
wrong". I'm not sure that anything you said makes sense.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-geom
To unsubscribe, send any mail to "[email protected]"
