<div class="gmail_quote">2011/4/25 ssc1478 <span dir="ltr"><<a href="mailto:ssc1478@aim.com">ssc1478@aim.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle <<a href="mailto:steve@stevesearle.com">steve@stevesearle.com</a>> wrote:<br>
> Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler scrawled:<br>
><br>
>> putting the passphrase into /etc/crypttab does make it readily available (which<br>
>> reduces the effectiveness of encrypting to begin with).<br>
>><br>
>> However ... crypttab has allowance of putting the passphrase into a file. By<br>
>> doing so, and then chown root:root combined with chmod 400, only the root user<br>
>> has availability of the passphrase. This allows the partition to be persistently<br>
>> mounted at boot time w/o directly compromising the passphrase.<br>
>><br>
>> Should someone crack the root account, you probably have more serious problems<br>
>> than worrying about the encrypted password...<br>
><br>
> I see encryption's value as particularly defending against<br>
> data loss because the computer has been stolen, where it could then be<br>
> booted at run level 1. And possibly against access by an intruder into<br>
> the building.<br>
><br>
> So not sure what value there is in setting up the encryption password in<br>
> /etc/crypttab - or have I misunderstood something?<br>
><br>
> Steve<br>
<br>
</div>This is exactly why I encrypt the home directory - to defend against<br>
theft. But entering the passphrase at every boot each time is not all<br>
that friendly. </blockquote></div><br><div>I have the same setup - but I let GDM autologin into Gnome. So, on a cold-boot, I still have to enter just one password.</div>
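<div>The root-only key file arrangement described in the quoted message (chown root:root, chmod 400) can be checked with a short audit script. This is an added example, not part of the original thread; the names audit_crypttab and build_sample and the sample crypttab entries are constructed for illustration.</div>

```python
import os
import stat

def audit_crypttab(crypttab_path, expected_uid=0):
    """Return (target, keyfile, problem) tuples for key files that are not owner-only."""
    findings = []
    with open(crypttab_path) as fh:
        for raw in fh:
            fields = raw.split()
            if not fields or fields[0].startswith("#"):
                continue
            # crypttab fields: target, source device, key file, options
            keyfile = fields[2] if len(fields) > 2 else "none"
            if keyfile in ("none", "-") or keyfile.startswith("/dev/"):
                continue  # passphrase is prompted for, or a random key (e.g. swap)
            try:
                st = os.stat(keyfile)
            except OSError as exc:
                findings.append((fields[0], keyfile, "unreadable: %s" % exc.strerror))
                continue
            if not stat.S_ISREG(st.st_mode):
                findings.append((fields[0], keyfile, "not a regular file"))
            if st.st_uid != expected_uid:
                findings.append((fields[0], keyfile, "owner uid %d" % st.st_uid))
            if st.st_mode & 0o077:  # any group/other bit defeats chmod 400
                mode = stat.S_IMODE(st.st_mode)
                findings.append((fields[0], keyfile,
                                 "mode %04o grants group/other access" % mode))
    return findings

def build_sample(directory):
    """Constructed sample: two key files and a crypttab that references them."""
    good = os.path.join(directory, "home.key")
    bad = os.path.join(directory, "data.key")
    for path, mode in ((good, 0o400), (bad, 0o644)):
        with open(path, "w") as fh:
            fh.write("constructed-sample-passphrase\n")
        os.chmod(path, mode)
    crypttab = os.path.join(directory, "crypttab")
    with open(crypttab, "w") as fh:
        fh.write("# target  source-device  key-file  options\n")
        fh.write("home /dev/sda5 %s luks\n" % good)
        fh.write("data /dev/sda6 %s luks\n" % bad)
        fh.write("swap /dev/sda7 /dev/urandom swap\n")
        fh.write("backup /dev/sda8 none luks\n")
    return crypttab

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_crypttab(build_sample(tmp), expected_uid=os.getuid()):
            print(finding)
```

<div>On a real system, call audit_crypttab("/etc/crypttab") as root so that expected_uid stays 0 and the key files can be stat'ed.</div>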