Why do you think that's useful in limiting vulnerability? In order for the system to mount the filesystem, the key has got to be there.
If it's a "highly available" system, it's not acceptable for the system to have to wait for a sysadmin to type in a decryption key, so the key has to be sitting there, vulnerable to theft. Given some sort of secure crypto hardware (nCipher, Sun Crypto Accelerator, and such), it's possible to make the system reasonably tamper-resistant, but the costs are pretty hefty, and tamper resistance requires leaping back into the risk that a power outage would require manual intervention to reinitialize the cryptographic device. This is a big problem: You can't just apply cryptography onto things like you would add peanut butter to a sandwich and expect to actually get security. It is eminently easy for a cryptographic system to only provide the _impression_ of security. -- let name="cbbrowne" and tld="gmail.com" in String.concat "@" [name;tld];; http://linuxfinances.info/info/internet.html It is usually a good idea to put a capacitor of a few microfarads across the output, as shown. ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
