> I would think that a thief would just take the whole machine from the > rack. Removing a machine from the rack is not that hard! (Unless your > server is some 8U beast that requires 4 dudes to lift, and a pickup > truck to carry...) Removing a machine from tha rack is not so hard but i would like only to ensure data on storage hd. > The solution that most people in your situation would use would be to > put the key on a USB flash drive, which then resides on your physical > keychain (the one that rides around in your pocket). You could copy the > key onto a flash-drive for each person who has root on the machine. > The disadvantages are that when the power goes out in the server room, > someone with a key needs to come by to start the computer. Also, you > have the same management issues that you would with traditional metal > keys -- except that everyone who has a USB port has a key-duplication > machine. In order to do that i need to resolve my initially question about yaird problem with keyfile for root partition in ramdisk creation during reconfigure of my kernel. The other problem we will resolve later. > But, when the keys and the data are separated, a thief would need to > steal both items in order to read the disk(s). > > -Luke Duke --------------------------------------------------------------------- - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
