ecryptfs and password
Jan Willies
jan at willies.info
Mon Apr 25 22:16:55 UTC 2011
2011/4/25 ssc1478 <ssc1478 at aim.com>
> On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle <steve at stevesearle.com>
> wrote:
> > Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler
> scrawled:
> >
> >> putting the passphrase into /etc/crypttab does make it readily available
> (which
> >> reduces the effectiveness of encrypting to begin with).
> >>
> >> However ... crypttab has allowance of putting the passphrase into a
> file. By
> >> doing so, and then chown root:root combined with chmod 400, only the
> root user
> >> has availability of the passphrase. This allows the partition to be
> persistently
> >> mounted at boot time w/o directly compromising the passphrase.
> >>
> >> Should someone crack the root account, you probably have more serious
> problems
> >> than worrying about the encrypted password...
> >
> > I see encryption's value aparticularly tparticularly defending against
> > data loss because the computer has been stolen, where it could then be
> > booted at run level 1. And possibly against access by an intruder into
> > the building.
> >
> > So not sure what value there is in setting up the encryption password in
> > /etc/crypttab - or have I misunderstood something?
> >
> > Steve
>
> This is exactly why I encrypt the home directory - to defend against
> theft. But entering the passphrase at every boot each time is not all
> that friendly.
I have the same setup - but I let GDM autologin into Gnome. So, on a
cold-boot, I still have to enter just one password.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20110426/4b4e85ee/attachment.html
More information about the users
mailing list