* Chris Murphy:

> One thing I got from Lennart that I don't have a complete assessment
> on, is to what degree he's replicated fscrypt (userspace tool from
> Google) functionality. He's hooking into fscrypt (kernel code)
> directly, and doesn't have any of the fancier key management that
> Google fscrypt has - i.e. Google fscrypt lets you change the user
> master passphrase, which is a wrapped key, separate from the secret
> key (let's call it a DEK, even though there is one DEK and then there
> are many derived DEKs for each file), so that it's not necessary to
> reencrypt everything. Whereas systemd-homed lacks this feature, so it
> requires 50% free space to reencrypt everything in case of user
> passphrase changes.

Does the current state of affairs enable key escrow without sharing the
passphrase (hashed or not)? I expect that key escrow could be pretty
important to some users.

Thanks,
Florian
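
The wrapped-key arrangement discussed in this thread, as an added sketch that is not part of the original messages and is not fscrypt or systemd-homed code: one DEK is wrapped separately under a passphrase-derived key and under an independent escrow key, so a passphrase change rewraps only the DEK and escrow recovery never involves the passphrase. The slot layout, the function names and the HMAC-based wrap (a stand-in for a real key-wrap algorithm such as AES-KW) are assumptions made for illustration.

```python
import hashlib, hmac, os

def kek_from_passphrase(passphrase: str, salt: bytes) -> bytes:
    # Passphrase slot: stretch the passphrase into a key-encryption key (KEK).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def wrap(kek: bytes, dek: bytes) -> dict:
    # Stand-in wrap (assumption, NOT AES-KW): XOR with a one-time
    # HMAC-derived pad, then authenticate nonce and ciphertext.
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def unwrap(kek: bytes, slot: dict) -> bytes:
    expect = hmac.new(kek, b"mac" + slot["nonce"] + slot["ct"],
                      hashlib.sha256).digest()
    if not hmac.compare_digest(expect, slot["tag"]):
        raise ValueError("wrong key or corrupted slot")
    pad = hmac.new(kek, b"enc" + slot["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))

def demo() -> dict:
    dek = os.urandom(32)          # encrypts the data; never changes below
    escrow_key = os.urandom(32)   # constructed sample: held by the escrow party only
    salt = os.urandom(16)
    slots = {
        "user": wrap(kek_from_passphrase("old passphrase", salt), dek),
        "escrow": wrap(escrow_key, dek),
    }
    # Passphrase change: unwrap with the old KEK, rewrap with the new one.
    # Only the 32-byte DEK is re-encrypted, not the data it protects.
    recovered = unwrap(kek_from_passphrase("old passphrase", salt), slots["user"])
    new_salt = os.urandom(16)
    new_kek = kek_from_passphrase("new passphrase", new_salt)
    slots["user"] = wrap(new_kek, recovered)
    results = {
        "new_passphrase_ok": unwrap(new_kek, slots["user"]) == dek,
        "escrow_ok": unwrap(escrow_key, slots["escrow"]) == dek,
    }
    try:
        unwrap(kek_from_passphrase("old passphrase", new_salt), slots["user"])
        results["old_passphrase_rejected"] = False
    except ValueError:
        results["old_passphrase_rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

The escrow slot survives the passphrase change untouched because both slots wrap the same DEK independently.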