2011/4/25 ssc1478 ssc1478@aim.com
On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle steve@stevesearle.com wrote:
Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler scrawled:
putting the passphrase into /etc/crypttab does make it readily available (which reduces the effectiveness of encrypting to begin with).
However ... crypttab has allowance of putting the passphrase into a file. By doing so, and then chown root:root combined with chmod 400, only the root user has availability of the passphrase. This allows the partition to be persistently mounted at boot time w/o directly compromising the passphrase.
Should someone crack the root account, you probably have more serious problems than worrying about the encrypted password...
I see encryption's value as particularly defending against data loss because the computer has been stolen, where it could then be booted at run level 1. And possibly against access by an intruder into the building.
So not sure what value there is in setting up the encryption password in /etc/crypttab - or have I misunderstood something?
Steve
This is exactly why I encrypt the home directory - to defend against theft. But entering the passphrase at every boot each time is not all that friendly.
I have the same setup - but I let GDM autologin into Gnome. So, on a cold-boot, I still have to enter just one password.
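
The key-file arrangement discussed in this thread (a file referenced from /etc/crypttab, owned by root:root with mode 400) can be checked with a small audit script. This is an added example, not part of any message in the thread; it assumes GNU `stat`, and the volume names, device names and key file in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit key files named in a crypttab.
# Usage: audit_crypttab FILE [EXPECTED_UID]; EXPECTED_UID defaults to 0 (root).
# Returns 0 only if every key file is owned by EXPECTED_UID and has no
# group/other permission bits (e.g. mode 400).
audit_crypttab() {
    tab=$1; want_uid=${2:-0}; bad=0
    while read -r name device keyfile options || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac      # blank line or comment
        case $keyfile in ''|none|-) continue ;; esac # passphrase is prompted for
        if [ -c "$keyfile" ]; then continue; fi      # e.g. /dev/urandom for swap
        if [ ! -f "$keyfile" ]; then
            echo "WARN $name: key file $keyfile not found"; bad=1; continue
        fi
        mode=$(stat -c '%a' "$keyfile")  # GNU stat: octal mode, e.g. 400
        uid=$(stat -c '%u' "$keyfile")
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $name: $keyfile owned by uid $uid, expected $want_uid"; bad=1
        fi
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL $name: $keyfile mode $mode grants group/other access"; bad=1
        fi
    done < "$tab"
    return $bad
}

# Constructed demo: a throwaway crypttab and key file (names are made up).
# The demo runs unprivileged, so it expects the current uid instead of root.
demo() {
    d=$(mktemp -d)
    printf 'dummy-key-material\n' > "$d/home.key"
    printf '# name device keyfile options\nhome_crypt /dev/sda5 %s luks\nswap_crypt /dev/sda6 /dev/urandom swap\nvault /dev/sda7 none luks\n' "$d/home.key" > "$d/crypttab"
    chmod 644 "$d/home.key"
    audit_crypttab "$d/crypttab" "$(id -u)" || echo "-> loose permissions detected"
    chmod 400 "$d/home.key"
    audit_crypttab "$d/crypttab" "$(id -u)" && echo "-> key file is owner-only"
    rm -rf "$d"
}
demo
```

On a real system, run `audit_crypttab /etc/crypttab` as root so the default expected owner (uid 0) applies.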