On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle <steve@xxxxxxxxxxxxxxx> wrote: > Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler scrawled: > >> putting the passphrase into /etc/crypttab does make it readily available (which >> reduces the effectiveness of encrypting to begin with). >> >> However ... crypttab has allowance of putting the passphrase into a file. By >> doing so, and then chown root:root combined with chmod 400, only the root user >> has availability of the passphrase. This allows the partition to be persistently >> mounted at boot time w/o directly compromising the passphrase. >> >> Should someone crack the root account, you probably have more serious problems >> than worrying about the encrypted password... > > I see encryption's value aparticularly tparticularly Âdefending against > data loss because the computer has been stolen, where it could then be > booted at run level 1. And possibly against access by an intruder into > the building. > > So not sure what value there is in setting up the encryption password in > /etc/crypttab - or have I misunderstood something? > > Steve This is exactly why I encrypt the home directory - to defend against theft. But entering the passphrase at every boot each time is not all that friendly. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
