On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote:

> > I use a variant of this, where keys are stored on a dedicated
> > partition. The pre_mount and post_mount (which unmounts the
> > filesystem) ensure that the keys are only visible for as long as it
> > takes to mount the other filesystems.
>
> I protect the root fs with a passphrase and all other volumes with a
> keyfile stored in this fs. No need to mount anything (however, I _do_
> need an initramfs because of this).

That still means your keys are readable all the time, whereas mine
disappear long before the network comes up.

-- 
Neil Bothwick

Remember, it takes 47 muscles to frown
And only 4 to pull the trigger of a sniper rifle....