ecryptfs and password
James McKenzie
jjmckenzie51 at gmail.com
Mon May 2 01:04:25 UTC 2011
On 5/1/11 5:18 PM, Bill Davidsen wrote:
> Gregory Hosler wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 04/25/2011 09:48 AM, Digimer wrote:
>>> On 04/24/2011 09:46 PM, ssc1478 wrote:
>>>> Hi,
>>>>
>>>> I'm new to Fedora - been using Ubuntu for years. I just installed
>>>> Fedora 14 to my laptop and selected to encrypt /home.
>>>>
>>>> When I boot, I have to enter the password for the encrypted directory.
>>>> Did I set it up wrong? I didn't expect to have to enter the password
>>>> at boot but instead thought the login password would be enough.
>>>>
>>>> Thanks!
>>>>
>>>> Phil
>>> It encrypts the partition, so when the system tries to mount /etc/fstab
>>> partitions, of which /home is likely one, it requires the password then.
>> alternately, you can setup /etc/crypttab so that the password is not entered
>> manually.
>>
> This adds no security at all from the encryption. The only reason to use
> encryption and then build in the pass phrase is to allow you to claim that the
> data was encrypted if you lose the machine, therefore giving you legal cover if
> the data you lost belongs to customers. I can't decide if that's a sleazy legal
> trick to provide cover without the effort to have security, or if it just shows
> how little the average user knows about security in the first place.
False security is worse than no security at all. Never store a
passphrase on a readable device. It should be stored in the brain, just
like passwords and such. BTW, this would never pass a security
inspection at any of the places I've worked at.
James McKenzie
More information about the users
mailing list