Re: Getting GELI Keys from Floppy
On Thursday 07 September 2006 00:00, Frank Steinborn wrote:
> Hello,
>
> i want to encrypt my HDD's with GELI (not the root-fs, though). I want
> to do the encryption without password, just with a key. The key should
> be stored in a floppy disk, and the read should be read automatically
> on boot, from the floppy.
Are you sure you want to trust a floppy disk for your keys??
It's not the most safe medium these days...
>
> There is a problem here, because GELI initializes _before_ mounting
> the disks from /etc/fstab (for obvious reasons, of course). So GELI is
> not able to get the keys from the floppy and fails.
>
> So, any hints how I could get the floppy mounted _before_ GELI tries
> to initialize?
Why don't you use the plain device(/dev/fd0) instead of using a file on a
filesystem on the floppy? I think there are examples in the manual page.
Anyway, I find this a very very bad idea. If the floppy break in some way
you're gonna be in big trouble...
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 3 之 9 篇):