On Wed, 26 Nov 2014, Bill Oliver wrote:
On Wed, 26 Nov 2014, Bruno Wolff III wrote:
On Wed, Nov 26, 2014 at 17:39:34 +0000,
Bill Oliver <vendor@xxxxxxxxxxxxx> wrote:
>
> For the HP issue, the fix is easy -- you just delete the command to
> check during boot up. But, I was thinking about this as an encryption
> option -- where one could encrypt files in a way that automatically
> incorporates hardware information with the passphrase. That way, if
> someone were to intercept a file and knew your passphrase, they would
> still not be able to decrypt the file unless they did it on one specific
> machine.
What threats are you trying to counter? The normal putting file systems on
top of a luks container should be good enough for a lot of threats.
I don't want someone to be able to image my disk and unencrypt it on a
different machine if they have intercepted my passphrase.
Actually, let me be more specific. Let's say I have data on a flash
drive that is encrypted using gpg. We can even say the flash drive
itself is encrypted.
Now let's say that flash drive is stolen, lost, etc. *and* the
passphrase is compromised. I want the data on the flash drive to be
available *only on one computer* even if the passphrase is known.
billo
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
