[PC-BSD Testing] Disk encryption issues and ... on 8.2 RC 1

LinuxBSDos.com finid at linuxbsdos.com
Thu Jan 13 16:20:53 PST 2011


> On Thu, Jan 13, 2011 at 4:16 PM, LinuxBSDos.com <finid at linuxbsdos.com>
> wrote:
>>
>> Here are a few observations about disk encryption and the default
>> partitioning scheme:
>
>>
>> 3. The system gives 3 chances to supply the correct encryption passphrase
>> during system boot. I found that if the third and last attempt is
>> unsuccessful, the system will drop into a console. You may view a
>> screenshot of it at http://linuxbsdos.com/forum/thread-85.html
>>
>> What purpose does this serve? Is it really a good idea to give any kind of
>> access if a user is unable to supply the correct passphrase?
>
>> --
>> Fini Decima
>> http://LinuxBSDos.com
>>
>
> I'm not sure I understand the point of the question - would you
> propose the system simply be stuck in a boot loop?
> BIOS passwords operate more the way you're proposing, I guess.
>
>
Well, I thought the whole point of encrypting the disk is to deny any
access unless the correct passphrase is supplied. It is assumed that if
the person trying to boot into the system cannot supply the correct
passphrase, then they are either not authorized to boot the system, or
they just forgot the passphrase.

In cases where the rightful owner of the box forgot the passphrase, then
there should be a way that would allow for a backup passphrase to be
configured (is that the role the system-generated key is supposed to
play?).

--
> Thanks,
> Mike Bybee

--
Finid Decima
http://LinuxBSDos.com



