I have a situation where I need to have an encrypted partition. The scenario that needs protection is the machine being stolen. The catch is: the machine has to boot unattended, i.e., that filesystem has to be mounted automatically during boot. How to do this without storing the secret in the machine itself? I thought about some stuff: - use something in the environment as the secret. Like some MAC addresses of the local switches and routers, some wireless SID, etc. - use a complex scheme with the password stored on a remote server which would, after a series of validations, connect back to the booting server to mount the fs for it. Any other ideas? I of course realise that the above schemes have their weaknesses, so I guess I'm looking at a compromise between security and the unattended boot feature. --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
