ecryptfs and password
Gregory Hosler
ghosler at redhat.com
Mon Apr 25 09:34:19 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/25/2011 01:01 PM, Larry Brower wrote:
> On 04/24/2011 11:58 PM, Gregory Hosler wrote:
>
>> alternately, you can setup /etc/crypttab so that the password is not entered
>> manually.
>
>> All the best,
>
>> -Greg
>
>
>
> Would this not then defeat the purpose of encrypting the partition ? :)
depends.
putting the passphrase into /etc/crypttab does make it readily available (which
reduces the effectiveness of encrypting to begin with).
However ... crypttab has allowance of putting the passphrase into a file. By
doing so, and then chown root:root combined with chmod 400, only the root user
has availability of the passphrase. This allows the partition to be persistently
mounted at boot time w/o directly compromising the passphrase.
Should someone crack the root account, you probably have more serious problems
than worrying about the encrypted password...
:-)
All the best,
- -Greg
- --
+---------------------------------------------------------------------+
Please also check the log file at "/dev/null" for additional information.
(from /var/log/Xorg.setup.log)
| Greg Hosler ghosler at redhat.com |
+---------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk21QBkACgkQ404fl/0CV/TRRACeONooB5N+4XhBVyDn/Kzytx1y
nnUAn29B4Vc55liQ7a2Tb3txZtBjS+zn
=H2ly
-----END PGP SIGNATURE-----
More information about the users
mailing list