Hannes Erven wrote:
>
> Please pay attention to the fact that any user that knows a valid passphrase
> may retrieve the partition encryption key, so removing a passphrase is *no*
> means of revoking somebody's access!
> (If that's the case, the complete partition must be re-encrypted with a new
> key).
>

In that case am I correct in saying that if a company's sys-admin moves on to greener pastures it would be best for the company to re-encrypt everything that the sys-admin had a valid passphrase for instead of just revoking his passphrase on all devices? Is that the best suggested policy?

-- 
Morgan Smith
Dutro Company
675 North 600 West
Logan, UT 84321
(435) 752-3921 ext.146
(435) 512-3374
morgan@xxxxxxxxx
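
The point made in the quoted text above, as an added example that is not part of the original messages: a simplified Python model of passphrase key slots, showing that removing a slot leaves the master key and the data unchanged, while re-encrypting under a fresh key does not. The Volume class, the stream_xor toy cipher and the sample data are hypothetical constructions for illustration, not the real on-disk format.

```python
import hashlib, hmac, os

def stream_xor(key, data):
    # Toy cipher (SHA-256 counter keystream); stand-in for the real disk cipher.
    ks = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def kek(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 1000)

class Volume:
    """Hypothetical model: one master key, wrapped once per passphrase slot."""
    def __init__(self, plaintext, passphrases):
        self.format(plaintext, passphrases)

    def format(self, plaintext, passphrases):
        master = os.urandom(32)  # fresh key: initial setup or full re-encryption
        self.mk_digest = hashlib.sha256(master).digest()
        self.data = stream_xor(master, plaintext)
        self.slots = []
        for p in passphrases:
            salt = os.urandom(16)
            self.slots.append((salt, stream_xor(kek(p, salt), master)))

    def unlock(self, passphrase):
        # Any valid passphrase yields the one master key.
        for salt, wrapped in self.slots:
            master = stream_xor(kek(passphrase, salt), wrapped)
            if hmac.compare_digest(hashlib.sha256(master).digest(), self.mk_digest):
                return master
        raise PermissionError("no key slot matches this passphrase")

    def remove_passphrase(self, passphrase):
        # Drops the matching slot only; master key and data stay as they were.
        master = self.unlock(passphrase)
        self.slots = [(s, w) for s, w in self.slots
                      if stream_xor(kek(passphrase, s), w) != master]

SAMPLE = b"payroll records (constructed sample data)"

def demo():
    vol = Volume(SAMPLE, [b"admin-pass", b"ops-pass"])
    copied = vol.unlock(b"admin-pass")            # key held while access was valid
    vol.remove_passphrase(b"admin-pass")
    after_removal = stream_xor(copied, vol.data)  # old key still decrypts
    vol.format(stream_xor(vol.unlock(b"ops-pass"), vol.data), [b"ops-pass"])
    after_reencrypt = stream_xor(copied, vol.data)
    return after_removal, after_reencrypt, stream_xor(vol.unlock(b"ops-pass"), vol.data)
```

demo() returns the data as read with the copied key after slot removal, the same read after re-encryption, and the read by the remaining passphrase holder.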