On Tue, 1 Apr 2008 08:04:10 +0200, Dirk Heinrichs wrote:
> > Not without the password. That filesystem uses a password, not a
> > keyfile.
>
> You didn't tell this before. Now I finally got the whole picture.
You're right. I thought I had but checking back I see I didn't actually
mention that.
On Tuesday, 1 April 2008, ext Neil Bothwick wrote:
> On Mon, 31 Mar 2008 18:15:54 +0200, Dirk Heinrichs wrote:
> > > That's right, because the keys aren't in /boot ;-)
> >
> > But they are somewhere. He who has cracked your box can simply look
> > into /etc/conf.d/dmcrypt to find out where your
On Mon, 31 Mar 2008 18:15:54 +0200, Dirk Heinrichs wrote:
> > That's right, because the keys aren't in /boot ;-)
>
> But they are somewhere. He who has cracked your box can simply look into
> /etc/conf.d/dmcrypt to find out where your keyfile is stored and mount
> that fs if needed.
Not withou
Neil Bothwick wrote:
> On Mon, 31 Mar 2008 07:36:52 +0100, Dirk Heinrichs wrote:
>
>>> That still means your keys are readable all the time,
>> By root only, chmod 400 is your friend.
>
> But still readable.
>>> whereas mine
>>> disappear long before the network comes up.
>> So what? If so
On Mon, 31 Mar 2008 07:36:52 +0100, Dirk Heinrichs wrote:
> > That still means your keys are readable all the time,
>
> By root only, chmod 400 is your friend.
But still readable.
>
> > whereas mine
> > disappear long before the network comes up.
>
> So what? If somebody cracks into your
On Sunday, 30 March 2008, ext Neil Bothwick wrote:
> On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote:
> > I protect the root fs with a passphrase and all other volumes with a
> > keyfile stored in this fs. No need to mount anything (however, I _do_
> > need an initramfs because of this).
On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote:
> > I use a variant of this, where keys are stored on a dedicated
> > partition. The pre_mount and post_mount (which unmounts the
> > filesystem) ensure that the keys are only visible for as long as it
> > takes to mount the other filesyste
On Sunday, 30 March 2008, Neil Bothwick wrote:
> On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote:
> > > However, the setup doesn't work. I'm not asked for the passphrase, the
> > > mappings are not created. What did I forget?
> >
> > That the mappings are created all in one go before any
On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote:
> > However, the setup doesn't work. I'm not asked for the passphrase, the
> > mappings are not created. What did I forget?
>
> That the mappings are created all in one go before anything is mounted,
> so you can't put the keyfile for /v
On Sunday, 30 March 2008, Florian Philipp wrote:
> On Sun, 2008-03-30 at 09:50 +0200, Dirk Heinrichs wrote:
> > On Saturday, 29 March 2008, Florian Philipp wrote:
> > > My goal is to open a Luks-mapping for /var with a gpg-encrypted file
> > > on /boot and then open a mapping for /var/tmp with a
On Sun, 2008-03-30 at 09:50 +0200, Dirk Heinrichs wrote:
> On Saturday, 29 March 2008, Florian Philipp wrote:
>
> > My goal is to open a Luks-mapping for /var with a gpg-encrypted file
> > on /boot and then open a mapping for /var/tmp with a plaintext file
> > on /var.
>
> See below. But while w
On Saturday, 29 March 2008, Florian Philipp wrote:
> My goal is to open a Luks-mapping for /var with a gpg-encrypted file
> on /boot and then open a mapping for /var/tmp with a plaintext file
> on /var.
See below. But while we're at it, can anybody tell me what's the advantage of
a gpg-encrypted
Hi list!
I think I have problems understanding the way /etc/conf.d/cryptfs works.
My goal is to open a Luks-mapping for /var with a gpg-encrypted file
on /boot and then open a mapping for /var/tmp with a plaintext file
on /var.
I thought it would work with the following settings:
/etc/conf.d/cr
13 matches