Musings about on-disk encryption in Fedora Core
Nils Philippsen
nphilipp at redhat.com
Mon Jul 5 19:42:17 UTC 2004
On Mon, 2004-07-05 at 21:12, Alan Cox wrote:
> On Mon, Jul 05, 2004 at 09:04:36PM +0200, Nils Philippsen wrote:
> > - with passphrase: key is generated by hashing a passphrase typed in
> > while booting
> > - key is a file on a USB stick
> >
> > The other information or configuration I was referring to is cipher
> > algos, key lengths, ... for certain devices which can be kept as an
> > ordinary configuration file beneath /etc.
>
> Providing they are not needed you can keep them there, you need the root
> fs info elsewhere because otherwise you need to decrypt / to decrypt /.
>
> /boot on the other hand cannot be encrypted usefully without hardware
> key systems because then you cannot boot off it.
Yes, of course. I was expressing myself not that understandable I
presume...
Nils
--
Nils Philippsen / Red Hat / nphilipp at redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20040705/14bc55b9/attachment-0002.bin
More information about the devel
mailing list