2011/4/25 ssc1478 <ssc1478@xxxxxxx>
On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle <steve@xxxxxxxxxxxxxxx> wrote:This is exactly why I encrypt the home directory - to defend against
> Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler scrawled:
>
>> putting the passphrase into /etc/crypttab does make it readily available (which
>> reduces the effectiveness of encrypting to begin with).
>>
>> However ... crypttab has allowance of putting the passphrase into a file. By
>> doing so, and then chown root:root combined with chmod 400, only the root user
>> has availability of the passphrase. This allows the partition to be persistently
>> mounted at boot time w/o directly compromising the passphrase.
>>
>> Should someone crack the root account, you probably have more serious problems
>> than worrying about the encrypted password...
>
> I see encryption's value aparticularly tparticularly defending against
> data loss because the computer has been stolen, where it could then be
> booted at run level 1. And possibly against access by an intruder into
> the building.
>
> So not sure what value there is in setting up the encryption password in
> /etc/crypttab - or have I misunderstood something?
>
> Steve
theft. But entering the passphrase at every boot each time is not all
that friendly.
I have the same setup - but I let GDM autologin into Gnome. So, on a cold-boot, I still have to enter just one password.
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines