Re: ecryptfs and password

On 5/7/11 12:54 PM, Bill Davidsen wrote:
> James McKenzie wrote:
>> On 5/1/11 5:18 PM, Bill Davidsen wrote:
>>> Gregory Hosler wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> On 04/25/2011 09:48 AM, Digimer wrote:
>>>>> On 04/24/2011 09:46 PM, ssc1478 wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I'm new to Fedora - been using Ubuntu for years.  I just installed
>>>>>> Fedora 14 to my laptop and selected to encrypt /home.
>>>>>>
>>>>>> When I boot, I have to enter the password for the encrypted directory.
>>>>>> Did I set it up wrong?  I didn't expect to have to enter the password
>>>>>> at boot but instead thought the login password would be enough.
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> Phil
>>>>> It encrypts the partition, so when the system tries to mount /etc/fstab
>>>>> partitions, of which /home is likely one, it requires the password then.
>>>> alternately, you can set up /etc/crypttab so that the password is not entered
>>>> manually.
>>>>
>>> This adds no security at all from the encryption. The only reason to use
>>> encryption and then build in the pass phrase is to allow you to claim that the
>>> data was encrypted if you lose the machine, therefore giving you legal cover if
>>> the data you lost belongs to customers. I can't decide if that's a sleazy legal
>>> trick to provide cover without the effort to have security, or if it just shows
>>> how little the average user knows about security in the first place.
>> False security is worse than no security at all.  Never store a
>> passphrase on a readable device.  It should be stored in the brain, just
>> like passwords and such.  BTW, this would never pass a security
>> inspection at any of the places I've worked at.
>>
> It satisfies legal requirements to encrypt sensitive data which is all the bean
> counters and lawyers care about. They are not required to actually protect your
> information. :-(
>
Not in the EU.  There are legal requirements to safeguard information, 
to include encryption of 'data at rest' and 'data in transit'.  Same for 
HIPAA and in the PCI world.  This has gotten several companies in trouble.

James McKenzie

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
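
Added example (not part of the thread): a Python check for the /etc/crypttab setup discussed above. It lists entries whose third field names a stored key file instead of prompting at boot; the sample entries and the function names are constructed for illustration.

```python
"""Audit crypttab-style text for volumes unlocked from a stored key file."""
import sys

# Constructed sample in crypttab(5) layout: name, device, key file, options.
SAMPLE = """\
# constructed sample entries, not taken from any real system
luks-home  /dev/sda5  none
luks-data  /dev/sdb1  /etc/keys/data.key  luks
swap       /dev/sda3  /dev/urandom        swap
luks-bak   /dev/sdc1  -
"""

# Sources that give a fresh random key on every boot (typical for swap).
# Nothing reusable is stored, so they are not reported.
RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}


def parse_crypttab(text):
    """Yield (name, device, keyfile, options) for each non-comment entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        yield fields[0], fields[1], keyfile, options


def audit(text):
    """Return (name, keyfile) for entries that unlock without a prompt."""
    findings = []
    for name, _device, keyfile, _options in parse_crypttab(text):
        if keyfile in ("none", "-"):
            continue  # passphrase is asked for at boot
        if keyfile in RANDOM_SOURCES:
            continue  # throwaway key, regenerated each boot
        findings.append((name, keyfile))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, keyfile in audit(text):
        print(f"{name}: unlocked from stored key {keyfile}")
```
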
