[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: encrypted root fs
- From: Russell Coker <russell coker com au>
- To: fedora-devel-list redhat com, Josiah Royse <jroyse gmail com>
- Cc:
- Subject: Re: encrypted root fs
- Date: Tue, 17 Aug 2004 12:36:17 +1000
On Tue, 17 Aug 2004 00:47, Josiah Royse <jroyse gmail com> wrote:
> On Mon, 16 Aug 2004 23:40:55 +1000, Russell Coker <russell coker com au>
wrote:
> > > If the goal is for an encrypted filesystem- why not just have a script
> > > interface early on in the boot process to prompt for a password for
> > > the encrypted file system - in order to mount the encrypted ones? Or
> >
> > I am thinking of making it an option to take a file of random data, a
> > user-entered password, or an XOR of both of them.
>
> I like it! Basically a poor-man's smartcard of sorts. Much easier to
> test/develop for since USB keys are easy to find.
Yes.
> Removing the USB key after boot in this senario would not affect it,
> since the key is read once, correct? Down the road perhaps the UI
My idea is that the USB device would be used for /boot. So it would not need
to be installed all the time, but it would be required for kernel upgrades.
> would be patched to recognize the removal of the smartcard/like device
> and lock the screen. Just a thought!
Eventually we'll get to such things. SE Linux is one of many parts of the Red
Hat security plan. Many more things will come in RHEL 5 and beyond.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]