On Tue, 18 Mar 2008 17:56:30 +0100, Florian Philipp wrote:

> Third idea: Using a dedicated volume for storing the plaintext key.
> Cumbersome, doesn't reduce the risk that srm isn't enough to protect the
> key.

You could use an encrypted volume to store the key. Your init script asks
for the key for that volume, then all other volumes use key(s) stored on
that volume. I do this, but have no idea how it will work with suspend.


-- 
Neil Bothwick

Light travels faster than sound. This is why some people appear bright
until you hear them speak.