ecryptfs and password
Bill Davidsen
davidsen at tmr.com
Sat May 7 19:54:16 UTC 2011
James McKenzie wrote:
> On 5/1/11 5:18 PM, Bill Davidsen wrote:
>> Gregory Hosler wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 04/25/2011 09:48 AM, Digimer wrote:
>>>> On 04/24/2011 09:46 PM, ssc1478 wrote:
>>>>> Hi,
>>>>>
>>>>> I'm new to Fedora - been using Ubuntu for years. I just installed
>>>>> Fedora 14 to my laptop and selected to encrypt /home.
>>>>>
>>>>> When I boot, I have to enter the password for the encrypted directory.
>>>>> Did I set it up wrong? I didn't expect to have to enter the password
>>>>> at boot but instead thought the login password would be enough.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Phil
>>>> It encrypts the partition, so when the system tries to mount /etc/fstab
>>>> partitions, of which /home is likely one, it requires the password then.
>>> alternately, you can setup /etc/crypttab so that the password is not entered
>>> manually.
>>>
>> This adds no security at all from the encryption. The only reason to use
>> encryption and then build in the pass phrase is to allow you to claim that the
>> data was encrypted if you lose the machine, therefore giving you legal cover if
>> the data you lost belongs to customers. I can't decide if that's a sleazy legal
>> trick to provide cover without the effort to have security, or if it just shows
>> how little the average user knows about security in the first place.
> False security is worse than no security at all. Never store a
> passphrase on a readable device. It should be stored in the brain, just
> like passwords and such. BTW, this would never pass a security
> inspection at any of the places I've worked at.
>
It satisfies legal requirements to encrypt sensitive data which is all the bean
counters and lawyers care about. They are not required to actually protect your
information. :-(
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the users
mailing list