On Tue, Apr 6, 2010 at 3:45 AM, Timothy Madden <terminatorul@xxxxxxxxx> wrote: > The machine is a mini-laptop running almost all day time (actually > there are many of them) and if the machine is captured it is likely to > be captured while running. Wait, stop right there. So, you're a thief and you just made off with an HP mini with an encrypted file system. You have a login prompt. What do you do to get into it and then get to the encrypted hard drive? Seriously, what is your attack. Why does this machine even have regular login enabled? It would be easy enough to program it to unmount the encrypted drive after 3 failed login attempts. I think you hand-waved this one into being. It's not easy to get into a laptop that's locked / not logged in without rebooting it. And rebooting it unmounts your secure file system. You have a key with passphrase stored on a USB key that's used to start the dbs, then locked physically away from the laptops. If there's some objection to file system encryption I haven't thought of here lemme know. -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
