On Mon, Apr 16, 2012 at 7:08 AM, Lev Serebryakov <[email protected]> wrote: > Hello, Robert. > You wrote 12 апреля 2012 г., 20:24:25: > >> It will stop those who can figure out how???? It's a file in the >> unencrypted portion of the image. "extracting" would entail "geli >> attach -j /pathto/foo.pass -k /pathto/foo.key /dev/foo0" > >> There is no effort involved. And they are not "bypassing the >> encryption" or "making offline access non-trivial". They are "doing >> it wrong". > >> I'm not sure that anything you said makes sense. > It makes perfect sense. If you know only Windows and use this "cache" > CD in small office as some "black box", you cannot call "geli > attach". You could read CD and even unpack "tar.gz" but nothing more. > Any non-standard encryption, even with empty passphrase is adequate > protection in such cases.
Not intelligent. If it is meant as a cache in this case, and geli lets you setup a provider with a one time key for precisely this exact purpose, then using the software incorrectly is stupid. And, no, it's not adequate protection to use a blank passphrase. That too is stupid. You're making a bad argument. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-geom To unsubscribe, send any mail to "[email protected]"
