
Re: disk data protection



Ben Goren wrote:

On 2004 Nov 4, at 10:31 AM, Steve Shockley wrote:



Dimitri Georganas wrote:


Is there a way to protect a disk with sensitive data in a way that it will only work and will only be readable if installed on i.e. System A? So if the disk is stolen and installed in a System B, it shouldn't boot and if mounted like mount /dev/wd1a /mnt/ the contents shouldn't be readable.


man atactl



BZZZZZT! Wrong answer.

This is the classic case for data encryption, particularly the kind offered by vnd(4).


I've looked into vnd before posting the question to misc, but it wasn't clear if the encrypted system always needs user interaction to be mounted (entering of password) and if it does, if there's a smart way to bypass it. I admit I haven't read every word on Google about it.
I want the encrypted system to be normally accessible, without user intervention, on System A, but to be inaccessible on System B, or accessible after password entry.


An option is to have a script send a unique md5 string calculated from cpu/mac address etc. to a server so as to identify itself as "System A", receive the password, and mount the filesystem...but an autonomous solution would be preferable, of course without having to store the password on the same disk :))
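The key-release idea in the last paragraph, sketched as an added example that is not part of the original message: the client hashes its hardware identifiers and a server hands the passphrase only to an enrolled fingerprint. The `KeyServer` class, its method names and all sample values are hypothetical; the network transport and the actual vnd(4) mount step are left out.

```python
import hashlib
import hmac


def machine_fingerprint(cpu_model: str, mac_address: str) -> str:
    """MD5 over normalized hardware identifiers, as the post proposes."""
    material = "|".join([cpu_model.strip(), mac_address.strip().lower()])
    return hashlib.md5(material.encode("utf-8")).hexdigest()


class KeyServer:
    """Hypothetical key-release service: enrolled fingerprint -> passphrase."""

    def __init__(self):
        self._enrolled = {}

    def enroll(self, fingerprint: str, passphrase: str) -> None:
        self._enrolled[fingerprint] = passphrase

    def revoke(self, fingerprint: str) -> bool:
        # Called once a disk or machine is reported stolen: the passphrase
        # never lived on the disk, so revoking here is enough to lock it.
        return self._enrolled.pop(fingerprint, None) is not None

    def release(self, fingerprint: str):
        # Constant-time comparison so response timing does not reveal how
        # much of a submitted fingerprint matched an enrolled one.
        candidate = fingerprint.encode("utf-8")
        for known, passphrase in self._enrolled.items():
            if hmac.compare_digest(known.encode("utf-8"), candidate):
                return passphrase
        return None


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from any real machine.
    system_a = machine_fingerprint("Intel Pentium III 800", "00:0A:95:9D:68:16")
    system_b = machine_fingerprint("AMD Athlon XP 2000+", "00:0a:95:11:22:33")
    server = KeyServer()
    server.enroll(system_a, "constructed-passphrase")
    print("System A:", server.release(system_a))   # passphrase is released
    print("System B:", server.release(system_b))   # None, stays locked
    server.revoke(system_a)
    print("After revoke:", server.release(system_a))
```

The fingerprint is an identifier rather than a secret, so the property this design actually provides is that the passphrase is absent from the disk and can be revoked centrally.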


