On Mon, 2004-07-05 at 21:12, Alan Cox wrote:
> On Mon, Jul 05, 2004 at 09:04:36PM +0200, Nils Philippsen wrote:
> > - with passphrase: key is generated by hashing a passphrase typed in
> > while booting
> > - key is a file on a USB stick
> >
> > The other information or configuration I was referring to is cipher
> > algos, key lengths, ... for certain devices which can be kept as an
> > ordinary configuration file beneath /etc.
>
> Providing they are not needed you can keep them there, you need the root
> fs info elsewhere because otherwise you need to decrypt / to decrypt /.
>
> /boot on the other hand cannot be encrypted usefully without hardware
> key systems because then you cannot boot off it.
Yes, of course. I was expressing myself not that understandable I
presume...
Nils
--
Nils Philippsen / Red Hat / nphilipp@xxxxxxxxxx
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
Attachment:
signature.asc
Description: This is a digitally signed message part
