[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Musings about on-disk encryption in Fedora Core



On Mon, 2004-07-05 at 20:56, Alan Cox wrote:
> On Mon, Jul 05, 2004 at 07:58:37PM +0200, Nils Philippsen wrote:
> > initrd rather in the normal initscripts so that configuration (which
> > real device gets mapped to what dm device, cipher to be used, key
> > length, ...) is on /etc were possible and _not_ hidden in the initrd.
> 
> Without the key you can't get to the rootfs so I am not sure where else
> you would put such things for the interesting cases. Maybe a link would
> be appropriate from /etc (as with grub.conf ?) to files on /boot ?

I don't know whether I understand you correctly:

- with passphrase: key is generated by hashing a passphrase typed in
while booting
- key is a file on a USB stick

The other information or configuration I was referring to is cipher
algos, key lengths, ... for certain devices which can be kept as an
ordinary configuration file beneath /etc.

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp redhat com
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."     -- B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]