ecryptfs and password
laurence orchard
laurence at orchards.org.uk
Mon Apr 25 12:06:18 UTC 2011
On 25/04/2011 12:14, ssc1478 wrote:
> On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle<steve at stevesearle.com> wrote:
>> Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler scrawled:
>>
>>> putting the passphrase into /etc/crypttab does make it readily available (which
>>> reduces the effectiveness of encrypting to begin with).
>>>
>>> However ... crypttab has allowance of putting the passphrase into a file. By
>>> doing so, and then chown root:root combined with chmod 400, only the root user
>>> has availability of the passphrase. This allows the partition to be persistently
>>> mounted at boot time w/o directly compromising the passphrase.
>>>
>>> Should someone crack the root account, you probably have more serious problems
>>> than worrying about the encrypted password...
>> I see encryption's value aparticularly tparticularly defending against
>> data loss because the computer has been stolen, where it could then be
>> booted at run level 1. And possibly against access by an intruder into
>> the building.
>>
>> So not sure what value there is in setting up the encryption password in
>> /etc/crypttab - or have I misunderstood something?
>>
>> Steve
> This is exactly why I encrypt the home directory - to defend against
> theft. But entering the passphrase at every boot each time is not all
> that friendly.
could you not put the file on a removable device such as a usb stick
that had to be there at boot time?
not sure whether the usb drivers/ device is available then though??
More information about the users
mailing list