[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Musings about on-disk encryption in Fedora Core



On Mon, 2004-07-05 at 21:12, Alan Cox wrote:
> On Mon, Jul 05, 2004 at 09:04:36PM +0200, Nils Philippsen wrote:
> > - with passphrase: key is generated by hashing a passphrase typed in
> > while booting
> > - key is a file on a USB stick
> > 
> > The other information or configuration I was referring to is cipher
> > algos, key lengths, ... for certain devices which can be kept as an
> > ordinary configuration file beneath /etc.
> 
> Providing they are not needed you can keep them there, you need the root
> fs info elsewhere because otherwise you need to decrypt / to decrypt /.
> 
> /boot on the other hand cannot be encrypted usefully without hardware
> key systems because then you cannot boot off it.

Yes, of course. I was expressing myself not that understandable I
presume...

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp redhat com
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."     -- B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]