Re: dm-setup with keyfile for root encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dirk Heinrichs wrote:
Am Mittwoch, 31. Mai 2006 18:10 schrieb ext dm-crypt-return-1645-ext-dirk.heinrichs@?[$úoÒ: 


i'm new in disk encryption and i'll try to use cryptsetup for encrypt my
root partition and all work done.
Now i would like to encrypt disk using a keyfile for not enter passphrase


Hmm, this is as good as having no encryption at all, isn't it?
Actually there is one big difference. To read the data on the disc you have to boot the system. With plain disc you can easily read the data with any machine (including Windows).
As always with encryption you need to understand exactly what you are trying to protect against.
I quite like the idea of constructing a key from various external factors. It could be the MAC address of your adsl modem or the contents of a file on a remote machine - or some combination of both. The idea being that if you attempt to run the system in some other location, or in some other environment, it won't boot. Problem, of course, is catch-22, you cannot easily access the remote data until the system is booted. 

Dick


---------------------------------------------------------------------
 - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux