>> I read the spec but I couldn't find the point, if it is possible to
>> access the encrypted files as root without knowing a password (km).
>> I'm sure this had been asked before, a link to the archive I would
>> appreciate.
>>
> If this is the behavior you want, then you want a regular unencrypted
> filesystem. The stock kernel running on a normal filesystem (example:
> ext3) prevents users from reading each other's files, and allows root to
> bypass all of the permissions -- because that's one of the few reasons
> the root account exists.

I definitely do NOT want an unencrypted filesystem...

> The point of encrypted filesystem prevents someone with a screwdriver, a
> boot disc, or root privileges from reading the filesystems on the hard
> disk after the machine has been stolen. In order to mount the volumes,
> you (running as root) really, fundamentally need the password/key --
> this is the whole point of LUKS. If the encryption could be trivially
> bypassed with su - or by mounting the HDD in another computer, then no
> progress would have been made on the problem!

Maybe my question was a little mistakable. Of course root can't mount the encrypted filesystems (without pw), when the hardware is stolen...

I intended to know if root can access the files when a user is accessing the system regularly. If so, the encryption is done server-based, which in my opinion isn't the right choice for me. If not, the encryption is done client-based, which is exactly what I need.

I read about FreeOTFE, an "on-the-fly" transparent disk encryption program for Windows. I would like to use this in combination with LUKS but it has to be highly secure...

I hope I could point my intention in the right way.

Thanks for your feedback.

Mathias