Re: disk data protection
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: disk data protection
- From: Dimitri Georganas <dg_(_at_)_mitc_(_dot_)_net>
- Date: Thu, 04 Nov 2004 19:27:44 +0100
Ben Goren wrote:
I've looked into vnd before posting the question to misc, but it wasn't
clear if the encrypted system always needs user interaction to be
mounted (entering of password) and if it does, if there's a smart way to
bypass it. I admit I haven't read every word on Google about it.
On 2004 Nov 4, at 10:31 AM, Steve Shockley wrote:
Dimitri Georganas wrote:
Is there a way to protect a disk with sensitive data in a way that it
will only work and will only be readable if installed on i.e. System
A? So if the disk is stolen and installed in a System B, it shouldn't
boot and if mounted like mount /dev/wd1a /mnt/ the contents shouldn't
be readable.
man atactl
BZZZZZT! Wrong answer.
This is the classic case for data encryption, particularly the kind
offered by vnd(4).
I want the encrypted system to be normally accessible, without user
intervention, on System A, but to be inaccessible on System B, or
accessible after password entry.
An option is to have a script send a unique md5 string calculated from
cpu/mac address etc. to a server as to identify itself as "System A",
receive the password, and mount the filesystem...but an autonomous
solution would be preferable, of course without having to store the
password on the same disk :))
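
Added example, not part of the original post: a sketch of the server-assisted unlock described in the last paragraph, written as a nonce challenge answered with an HMAC over a SHA-256 hardware fingerprint instead of sending a fixed md5 string, so a captured answer cannot be replayed. The `KeyServer` class, host name, hardware identifiers and passphrase are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

def fingerprint(identifiers):
    """Hash sorted hardware identifiers (cpu id, MAC, ...) into one value."""
    h = hashlib.sha256()
    for name in sorted(identifiers):
        h.update(name.encode() + b"\0" + identifiers[name].encode() + b"\0")
    return h.digest()

def client_answer(identifiers, nonce):
    """What the booting machine sends back: HMAC of the server's nonce."""
    return hmac.new(fingerprint(identifiers), nonce, hashlib.sha256).digest()

class KeyServer:
    """Hypothetical key server holding the disk passphrase off the disk."""
    def __init__(self):
        self._enrolled = {}  # host -> (fingerprint, passphrase)
        self._pending = {}   # host -> outstanding nonce

    def enroll(self, host, fp, passphrase):
        self._enrolled[host] = (fp, passphrase)

    def challenge(self, host):
        nonce = secrets.token_bytes(32)
        self._pending[host] = nonce
        return nonce

    def release(self, host, response):
        nonce = self._pending.pop(host, None)  # each nonce is single use
        if nonce is None or host not in self._enrolled:
            return None
        fp, passphrase = self._enrolled[host]
        expected = hmac.new(fp, nonce, hashlib.sha256).digest()
        return passphrase if hmac.compare_digest(expected, response) else None

def demo():
    # Constructed sample identifiers; real values would be read from the host.
    system_a = {"cpu": "constructed-cpu-id-A", "mac": "00:00:5e:00:53:01"}
    system_b = {"cpu": "constructed-cpu-id-B", "mac": "00:00:5e:00:53:02"}
    server = KeyServer()
    server.enroll("system-a", fingerprint(system_a), "constructed-passphrase")
    ok = server.release("system-a", client_answer(system_a, server.challenge("system-a")))
    moved = server.release("system-a", client_answer(system_b, server.challenge("system-a")))
    answer = client_answer(system_a, server.challenge("system-a"))
    first = server.release("system-a", answer)
    replay = server.release("system-a", answer)  # nonce already consumed
    return ok, moved, first, replay
```

The identifiers that feed the fingerprint are not secrets, so this only ties the passphrase release to the server's decision: the exchange still needs an authenticated, encrypted channel, and the server must stop answering once System A or its disk is reported stolen.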