On 25/04/2011 12:14, ssc1478 wrote: > On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle<steve@xxxxxxxxxxxxxxx> wrote: >> Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler scrawled: >> >>> putting the passphrase into /etc/crypttab does make it readily available (which >>> reduces the effectiveness of encrypting to begin with). >>> >>> However ... crypttab has allowance of putting the passphrase into a file. By >>> doing so, and then chown root:root combined with chmod 400, only the root user >>> has availability of the passphrase. This allows the partition to be persistently >>> mounted at boot time w/o directly compromising the passphrase. >>> >>> Should someone crack the root account, you probably have more serious problems >>> than worrying about the encrypted password... >> I see encryption's value aparticularly tparticularly defending against >> data loss because the computer has been stolen, where it could then be >> booted at run level 1. And possibly against access by an intruder into >> the building. >> >> So not sure what value there is in setting up the encryption password in >> /etc/crypttab - or have I misunderstood something? >> >> Steve > This is exactly why I encrypt the home directory - to defend against > theft. But entering the passphrase at every boot each time is not all > that friendly. could you not put the file on a removable device such as a usb stick that had to be there at boot time? not sure whether the usb drivers/ device is available then though?? -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
