Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler scrawled: > putting the passphrase into /etc/crypttab does make it readily available (which > reduces the effectiveness of encrypting to begin with). > > However ... crypttab has allowance of putting the passphrase into a file. By > doing so, and then chown root:root combined with chmod 400, only the root user > has availability of the passphrase. This allows the partition to be persistently > mounted at boot time w/o directly compromising the passphrase. > > Should someone crack the root account, you probably have more serious problems > than worrying about the encrypted password... I see encryption's value aparticularly tparticularly defending against data loss because the computer has been stolen, where it could then be booted at run level 1. And possibly against access by an intruder into the building. So not sure what value there is in setting up the encryption password in /etc/crypttab - or have I misunderstood something? Steve -- Website: www.stevesearle.com Twitter: @ReddishShift Facebook: www.facebook.com/steve.searle 11:43:17 up 9 days, 49 min, 1 user, load average: 0.00, 0.00, 0.00
Attachment:
pgpw0w2fLxxyW.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
