On Fri, May 22, 2009 at 12:56:31PM +0100, Hunter Bryce wrote: > Hi, > > Does anyone know if it is possible to use the mac address of the > encrypted machine as the boot encryption password for its > encryption? > > I want to marry the OS (fedora) disk to the machine.. so it can't be > taken out and files stolen if inserted in another machine. 'ifconfig' will display the MAC address, you can filter it out. Woul would likely have to use SED/AWK/BASH for the filtering, which is not too difficult. You should however be aware that while MAC addresses are 48 bit long, the actual entropy in them is more like 24 bit or less, as they are generated systematically from vendor information. Brute-forcing a MAC is entrirely feasible with commodity hardware. You also need to make sure that bootup information (e.g. dmesg output) does not end up on disk. One thing you need to do is to use encrypted swap as well. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
