James McKenzie wrote:
> On 5/1/11 5:18 PM, Bill Davidsen wrote:
>> Gregory Hosler wrote:
>>> Hash: SHA1
>>> On 04/25/2011 09:48 AM, Digimer wrote:
>>>> On 04/24/2011 09:46 PM, ssc1478 wrote:
>>>>> Hi,
>>>>> I'm new to Fedora - been using Ubuntu for years.  I just installed
>>>>> Fedora 14 to my laptop and selected to encrypt /home.
>>>>> When I boot, I have to enter the password for the encrypted directory.
>>>>>     Did I set it up wrong?  I didn't expect to have to enter the password
>>>>> at boot but instead thought the login password would be enough.
>>>>> Thanks!
>>>>> Phil
>>>> It encrypts the partition, so when the system tries to mount /etc/fstab
>>>> partitions, of which /home is likely one, it requires the password then.
>>> alternately, you can setup /etc/crypttab so that the password is not entered
>>> manually.
>> This adds no security at all from the encryption. The only reason to use
>> encryption and then build in the pass phrase is to allow you to claim that 
>> the
>> data was encrypted if you lose the machine, therefore giving you legal cover 
>> if
>> the data you lost belongs to customers. I can't decide if that's a sleazy 
>> legal
>> trick to provide cover without the effort to have security, or if it just 
>> shows
>> how little the average user knows about security in the first place.
> False security is worse than no security at all.  Never store a
> passphrase on a readable device.  It should be stored in the brain, just
> like passwords and such.  BTW, this would never pass a security
> inspection at any of the places I've worked at.
It satisfies legal requirements to encrypt sensitive data which is all the bean 
counters and lawyers care about. They are not required to actually protect your 
information. :-(

Bill Davidsen <david...@tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

users mailing list
To unsubscribe or change subscription options:
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Reply via email to