Musings about on-disk encryption in Fedora Core

Nils Philippsen nphilipp at redhat.com
Mon Jul 5 21:20:22 UTC 2004 

On Mon, 2004-07-05 at 21:54, W. Michael Petullo wrote:
> >> I am working on implementing encrypted root filesystem support to  
> >> mkinitrd.  See  
> >> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789 for more
> >> information and an patch.
>  
> > I looked at the patch any I see the problem that you need to call
> > mkinitrd with certain arguments in order for this to work. This  
> > should just kind of determine the parameters (i.e. read them from a  
> > config file written while creating the encrypted root device) used on  
> > the current root fs and apply them automatically so that calls to  
> > mkinitrd from e.g. the kernel pkgs' %post scripts work.
> 
> Okay, that's a great point.  Where should the configuration file be?  / 
> etc/sysconfig/rootfs would get my vote.

ACK as far as I'm concerned.

> If my system password is not unknown to others then my encryption  
> password is probably no good either.  I think root has to be trusted in  
> most cases.  I would be interested to hear any arguments that "only  
> mount[ing] the encrypted, potentially sensitive stuff when you need it"  
> would be more secure than unmounting encrypted volumes a login time  
> (assuming a strong system authentication token).

If I have a different password, there is no representation of it on disk
(like crypt() or MD5 hashes of a login password). There's a reason my
PGP pass phrase is different from my login password as well ;-). If one
is compromised, the other isn't.

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp at redhat.com
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."     -- B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20040705/f824ae88/attachment-0002.bin

More information about the devel mailing list