2011/4/25 ssc1478 <ssc1...@aim.com> > On Mon, Apr 25, 2011 at 6:48 AM, Steve Searle <st...@stevesearle.com> > wrote: > > Around 10:34am on Monday, April 25, 2011 (UK time), Gregory Hosler > scrawled: > > > >> putting the passphrase into /etc/crypttab does make it readily available > (which > >> reduces the effectiveness of encrypting to begin with). > >> > >> However ... crypttab has allowance of putting the passphrase into a > file. By > >> doing so, and then chown root:root combined with chmod 400, only the > root user > >> has availability of the passphrase. This allows the partition to be > persistently > >> mounted at boot time w/o directly compromising the passphrase. > >> > >> Should someone crack the root account, you probably have more serious > problems > >> than worrying about the encrypted password... > > > > I see encryption's value aparticularly tparticularly defending against > > data loss because the computer has been stolen, where it could then be > > booted at run level 1. And possibly against access by an intruder into > > the building. > > > > So not sure what value there is in setting up the encryption password in > > /etc/crypttab - or have I misunderstood something? > > > > Steve > > This is exactly why I encrypt the home directory - to defend against > theft. But entering the passphrase at every boot each time is not all > that friendly.
I have the same setup - but I let GDM autologin into Gnome. So, on a cold-boot, I still have to enter just one password.
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
