That's a really good idea. - Removable media with key (so you can take it
out for security reasons) and using a key so you don't have to type in a
passphrase each time.

btw, is there any good document on GELI?

One idea is having 1 server with a CD-ROM drive and exporting it via NFS.
When a server boots it mounts the remote CD-ROM drive and looks for key
"$HOSTNAME.key".

CDs are reliable - hold a good amount of data (enough for lots of keys) and
can be removed and taken with you.

-J




On 9/7/06, Bob Johnson <[EMAIL PROTECTED]> wrote:

On 9/6/06, Barkley Vowk <[EMAIL PROTECTED]> wrote:
> You are a complete madman. You want to protect your data with a key stored
> on the most completely and utterly unreliable form of data storage still
> lamentably in use? It's not the 1970's anymore, get a real data storage
> medium!
>
> Get a usb flash drive, from there it's a simple matter of changing the geli
> script to mount a specific usb device before starting. Look in
> /etc/rc.d/geli and geli2. I'd put your mounting and checks between the
> kldstat and the "if [ -z" in the geli_start() sub.

I have floppies from the 1980s that are still readable, but I have
never had a USB flash drive last more than six months when actually in
use.  For important data, I trust a floppy far more than I trust a
flash drive. The big problem with floppies is they don't hold enough
data. For that matter, writeable CDs and DVDs have proven to be much
less reliable than floppies, too.

- Bob
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
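
Added example, not written by any poster in this thread: the "look for $HOSTNAME.key on the mounted key medium" step from the messages above, as POSIX sh helpers that could be called from the boot script before attaching. The function names, the key-directory argument and the use of `hostname` are assumptions; `geli attach -p -k` attaches with a key file and no passphrase.

```sh
#!/bin/sh
# find_host_key KEYDIR [HOST]
# Prints the path of KEYDIR/HOST.key if it is usable as a GELI key file.
# Otherwise prints the reason on stderr and returns non-zero, so the
# caller never runs geli with a missing, empty or redirected key.
find_host_key() {
    keydir=$1
    host=${2:-$(hostname)}

    # A host name is used as a file name here: refuse anything that
    # could point outside KEYDIR or at a hidden file.
    case $host in
        ''|*/*|.*) echo "refusing host name '$host'" >&2; return 2 ;;
    esac

    keyfile=$keydir/$host.key

    # The medium (CD, USB stick, NFS export) must already be mounted.
    if [ ! -d "$keydir" ]; then
        echo "key medium not mounted at $keydir" >&2; return 3
    fi
    # Only a regular file counts; a symlink could lead anywhere.
    if [ -L "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "no regular key file $keyfile" >&2; return 4
    fi
    # An empty key file would protect nothing.
    if [ ! -s "$keyfile" ]; then
        echo "key file $keyfile is empty" >&2; return 5
    fi

    printf '%s\n' "$keyfile"
}

# attach_with_key KEYDIR PROVIDER
# Attaches PROVIDER using only the per-host key file
# (-p: no passphrase component, -k: key file).
attach_with_key() {
    key=$(find_host_key "$1") || return $?
    geli attach -p -k "$key" "$2"
}
```
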
