On Tue, 17 Aug 2004 00:47, Josiah Royse <jroyse@xxxxxxxxx> wrote: > On Mon, 16 Aug 2004 23:40:55 +1000, Russell Coker <russell@xxxxxxxxxxxx> wrote: > > > If the goal is for an encrypted filesystem- why not just have a script > > > interface early on in the boot process to prompt for a password for > > > the encrypted file system - in order to mount the encrypted ones? Or > > > > I am thinking of making it an option to take a file of random data, a > > user-entered password, or an XOR of both of them. > > I like it! Basically a poor-man's smartcard of sorts. Much easier to > test/develop for since USB keys are easy to find. Yes. > Removing the USB key after boot in this senario would not affect it, > since the key is read once, correct? Down the road perhaps the UI My idea is that the USB device would be used for /boot. So it would not need to be installed all the time, but it would be required for kernel upgrades. > would be patched to recognize the removal of the smartcard/like device > and lock the screen. Just a thought! Eventually we'll get to such things. SE Linux is one of many parts of the Red Hat security plan. Many more things will come in RHEL 5 and beyond. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
