Re: Using encrypted disks

On Wed, Apr 09, 2008 at 18:39:42 +0100,
  Anne Wilson <cannewilson@xxxxxxxxxxxxxx> wrote:
> On Wednesday 09 April 2008 17:33:14 Bruno Wolff III wrote:
> > On Wed, Apr 09, 2008 at 12:54:07 +0100,
> >
> >   Anne Wilson <cannewilson@xxxxxxxxxxxxxx> wrote:
> > > That makes sense.  However, at the time I wrote my mind was on my
> > > single-filesystem installation.  It just doesn't feel sensible to have to
> > > give the password twice in this case.
> >
> > It is probably easier to securely delete the password if it can be done
> > right away rather than saving it to potentially be used in other mounts
> > (particularly for filesystems mounted by udev).
> 
> Sorry, Bruno.  I don't understand what you are saying.  Could you explain a 
> bit more, please?

There are ways that keys saved in memory can be leaked (swap, FireWire,
starting a new OS without clearing memory). If you are just using the
key immediately and then writing over the area of memory that it was stored
in, you can reduce the likeliness of it leaking. Though for disk encryption
this probably isn't that important (except protecting swap) as you are
only protecting the passphrases. The actual keys needed to decrypt the disks
need to be kept in memory.

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list
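
The use-immediately-then-overwrite handling described in the message above, sketched in C as an added example that is not part of the original post or of any Fedora code. `use_once_and_wipe`, `toy_consume` and `PASS_CAP` are hypothetical names, and the passphrase is a constructed sample; as the message notes, this covers only the passphrase, not the volume key that must stay resident.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define PASS_CAP 128  /* assumed maximum passphrase length for this sketch */

/* Zero through a volatile pointer so the compiler cannot discard the stores
 * as dead (a plain memset on a buffer about to go out of scope can be). */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Hypothetical stand-in for the real consumer of the passphrase (a KDF
 * that unlocks the volume key). FNV-1a is not a KDF. */
static uint64_t toy_consume(const char *pass, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++)
        h = (h ^ (unsigned char)pass[i]) * 1099511628211ULL;
    return h;
}

/* Use the passphrase in buf exactly once, then wipe the whole buffer,
 * including on the error path. Returns 0 on success, -1 on bad length. */
int use_once_and_wipe(char *buf, size_t cap, size_t len, uint64_t *out)
{
    int rc = -1;
    if (len > 0 && len <= cap) {
        *out = toy_consume(buf, len);
        rc = 0;
    }
    secure_wipe(buf, cap);
    return rc;
}

int main(void)
{
    static char pass[PASS_CAP];
    uint64_t tag = 0;
    /* Pin the pages so the passphrase cannot be written to swap; this can
     * fail under a low RLIMIT_MEMLOCK, so report it rather than ignore it. */
    int locked = (mlock(pass, sizeof pass) == 0);
    size_t len = strlen(strcpy(pass, "constructed sample passphrase"));
    int rc = use_once_and_wipe(pass, sizeof pass, len, &tag);
    printf("locked=%d rc=%d first_byte_after=%d\n", locked, rc, pass[0]);
    munlock(pass, sizeof pass);
    return rc;
}
```

Wiping the full capacity rather than only `len` bytes also clears anything a longer, earlier entry left behind in the same buffer.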
