From: Neil Bothwick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Cryptfs
Date: Sun, 30 Mar 2008 21:13:04 +0100
Message-ID: <20080330211304.1e9506aa@loonquawl.digimed.co.uk>
In-Reply-To: <200803301851.04547.dirk.heinrichs@online.de>

On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote:

> > I use a variant of this, where keys are stored on a dedicated
> > partition. The pre_mount and post_mount (which unmounts the
> > filesystem) ensure that the keys are only visible for as long as it
> > takes to mount the other filesystems.
>
> I protect the root fs with a passphrase and all other volumes with a
> keyfile stored in this fs. No need to mount anything (however, I _do_
> need an initramfs because of this).

That still means your keys are readable all the time, whereas mine
disappear long before the network comes up.

-- 
Neil Bothwick

Remember, it takes 47 muscles to frown
And only 4 to pull the trigger of a sniper rifle....
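
A post-boot check for the difference argued over in this thread, added here as an example and not part of the original message or of either poster's setup: it reports whether a volume keyfile is still readable, or its key partition still mounted, once the system is up. The function names, device names and paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit whether LUKS/dm-crypt key material is still exposed
# after boot. Device names and paths are hypothetical, not from the thread.

# is_mounted MOUNTS_FILE DEVICE
# Exit 0 if DEVICE appears as a mount source in a /proc/mounts-style file.
# Limitation: matches the device name exactly as it was passed to mount.
is_mounted() {
    awk -v dev="$2" '$1 == dev { found = 1 } END { exit !found }' "$1"
}

# key_exposure MOUNTS_FILE KEY_DEVICE KEY_FILE
# Prints one of:
#   readable - the keyfile can be read right now by the calling user
#              (the "keyfile stored on the root fs" case)
#   mounted  - the keyfile is not readable by this user, but the key
#              partition is still mounted (the unmount step did not run)
#   hidden   - the partition is unmounted and the keyfile is not reachable
#              (the dedicated-partition case after its unmount step)
key_exposure() {
    mounts=$1
    key_dev=$2
    key_file=$3
    if [ -r "$key_file" ]; then
        echo readable
    elif is_mounted "$mounts" "$key_dev"; then
        echo mounted
    else
        echo hidden
    fi
}

# Stand-alone use: key_audit.sh KEY_DEVICE KEY_FILE
# Run it as the account whose access you want to assess; root can read
# any keyfile that exists on a mounted filesystem.
if [ "$#" -eq 2 ]; then
    state=$(key_exposure /proc/mounts "$1" "$2")
    echo "key material: $state"
    [ "$state" = hidden ]
fi
```

Run from a late boot script or a monitoring job, a non-zero exit status flags a system whose keys stayed visible after the encrypted volumes were mounted.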