Re: dm-setup with keyfile for root encryption


 



debian@xxxxxxxxxxxxx wrote:

What prevents the thief from stealing the other disk, also?

Nothing, but if I save the keyfile on a HD not in a hot-swap bay, the thief
must disassemble the entire rack to steal it, and that operation is not
as simple as stealing a single hot-swap HD, isn't it?

I would think that a thief would just take the whole machine from the rack. Removing a machine from the rack is not that hard! (Unless your server is some 8U beast that requires 4 dudes to lift, and a pickup truck to carry...)

The solution that most people in your situation would use would be to put the key on a USB flash drive, which then resides on your physical keychain (the one that rides around in your pocket). You could copy the key onto a flash-drive for each person who has root on the machine. The disadvantages are that when the power goes out in the server room, someone with a key needs to come by to start the computer. Also, you have the same management issues that you would with traditional metal keys -- except that everyone who has a USB port has a key-duplication machine.

But, when the keys and the data are separated, a thief would need to steal both items in order to read the disk(s).

-Luke


