Java Mailing List Archive

http://www.redhatconfig.com/

Home » Red Hat Enterprise Linux 5 »

Re: [rhelv5-list] Protect my stolen disk

Ahmed Kamal

2008-01-21

Replies:

Author LoginPost Reply
That's cool. I guess the real issue is when booting the system and decrypting. I guess we would need to change some initscripts ? to do the same

On Jan 21, 2008 10:45 AM, Zavodsky, Daniel (GE Money) < daniel.zavodsky@ge.com> wrote:
I am using loop-aes (losetup) for encryption - you can pre-parse the CPU number in a shell script and feed it to losetup:
 
(from losetup man page):
       -p num Read the passphrase from file descriptor with number num instead
              of from the terminal.
 
with -p 0 you can use standard input. I hope this helps.

 
From: rhelv5-list-bounces@redhat.com [mailto:rhelv5-list-bounces@redhat.com] On Behalf Of Ahmed Kamal
Sent: Monday, January 21, 2008 8:54 AM

To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] Protect my stolen disk

But is anyone aware of an actual tool or plug-in to achieve encryption that related to say CPU serial number, and uses it to automatically decrypt ?

On Jan 21, 2008 9:45 AM, Zavodsky, Daniel (GE Money) < daniel.zavodsky@ge.com> wrote:
You do not need the CPU, just its serial number (or the MAC address of the network card) - and you can easily write that on a piece of paper and put it in a secure location - or store this information in your office on an encrypted disk.

From: rhelv5-list-bounces@redhat.com [mailto:rhelv5-list-bounces@redhat.com ] On Behalf Of Ahmed Kamal
Sent: Saturday, January 19, 2008 2:06 PM

To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] Protect my stolen disk

hmm, yep this could be a problem, if the CPU got burnt for example!

On Jan 19, 2008 2:26 PM, John Summerfield <debian@herakles.homelinux.org > wrote:
Ahmed Kamal wrote:
> Seems like I could use dm-crypt to do full disk encryption, with some
> hardware parameter (MAC, CPU s/n ... ) as the decryption key. That would
> prevent someone from mounting the disk, or even dd'ing it to a different
> machine. That's about exactly what I need.
> Not sure if dm-crypt supports getting decryption keys from hardware params
> though ...
>

Be sure you can read the disk should you need.
You cannot reply off-list:-)

_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list


_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list



_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list


_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list
©2008 redhatconfig.com - Jax Systems, LLC, U.S.A.