On 25/04/2011 12:14, ssc1478 wrote:
On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle <steve@stevesearle.com> wrote:
Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler scrawled:
Putting the passphrase into /etc/crypttab does make it readily available (which reduces the effectiveness of encrypting to begin with).
However ... crypttab has allowance of putting the passphrase into a file. By doing so, and then chown root:root combined with chmod 400, only the root user has availability of the passphrase. This allows the partition to be persistently mounted at boot time w/o directly compromising the passphrase.
Should someone crack the root account, you probably have more serious problems than worrying about the encrypted password...
I see encryption's value as particularly defending against data loss because the computer has been stolen, where it could then be booted at run level 1. And possibly against access by an intruder into the building.
So not sure what value there is in setting up the encryption password in /etc/crypttab - or have I misunderstood something?
Steve
This is exactly why I encrypt the home directory - to defend against theft. But entering the passphrase at every boot each time is not all that friendly.
Could you not put the file on a removable device such as a USB stick that had to be there at boot time? Not sure whether the USB drivers/device is available then, though?
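
The key-file arrangement discussed in this thread (a file named in /etc/crypttab, owned by root, mode 400) can be checked with a short audit function. This is an added example, not code from any of the posters; the name `audit_crypttab` and its arguments are hypothetical, and it assumes the usual four-field crypttab layout with `none`, `-` or a `/dev/` path meaning no stored passphrase.

```shell
#!/bin/sh
# Added example (not from the thread): audit key files named in a crypttab.
# Usage: audit_crypttab [crypttab_path] [expected_owner_uid]
# Prints one line per finding; returns 0 if clean, 1 if anything was found.
audit_crypttab() {
    tab=${1:-/etc/crypttab}
    want_uid=${2:-0}    # 0 = root, matching "chown root:root" in the thread
    bad=0
    [ -r "$tab" ] || { echo "cannot read $tab"; return 2; }
    # crypttab fields: <name> <device> <key file> <options>
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac          # blank line or comment
        case "$key" in ''|none|-|/dev/*) continue ;; esac  # prompt, or random key device
        if [ ! -f "$key" ]; then
            echo "$name: key file $key is missing"; bad=1; continue
        fi
        # ls -ldn prints e.g. "-r-------- 1 0 0 ..."; field 3 is the numeric owner
        info=$(ls -ldn -- "$key" | awk '{print $1, $3}')
        mode=${info% *}
        uid=${info#* }
        [ "$uid" = "$want_uid" ] || {
            echo "$name: $key owned by uid $uid, expected $want_uid"; bad=1
        }
        # Dropping the type and owner characters leaves the group/other bits
        case "${mode#????}" in
            ------*) ;;
            *) echo "$name: $key is accessible to group/other ($mode)"; bad=1 ;;
        esac
    done < "$tab"
    return "$bad"
}
```

Run as root with no arguments, it reads /etc/crypttab and expects uid 0 as the owner of every key file.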