On 22/03/2021 17.06, Christopher de Vidal wrote:
That's very cool. But I get the impression from your response that there is no way to automount securely? E.g. at least one password entry is always required.
I don't see how... If you get automount working, it has to get/read the key from somewhere that is accessible before mounting, and automatically.
Maybe it could be a challenge-response questionnaire to a remote server, say an ssh session, and it is the remote server which sends the key. But if an attacker is present, he could replace the machine or the ssh client with another of his own to obtain and store the key.
-- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ dm-crypt mailing list -- dm-crypt@xxxxxxxx To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
