public inbox for gentoo-user@lists.gentoo.org
From: "Dirk Heinrichs" <dirk.heinrichs@online.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Cryptfs
Date: Mon, 31 Mar 2008 18:15:54 +0200
Message-ID: <47F10E3A.1080401@online.de>
In-Reply-To: <20080331091129.5915c0f2@loonquawl.digimed.co.uk>

Neil Bothwick wrote:
> On Mon, 31 Mar 2008 07:36:52 +0100, Dirk Heinrichs wrote:
> 
>>> That still means your keys are readable all the time,  
>> By root only, chmod 400 is your friend.
> 
> But still readable.
>>> whereas mine 
>>> disappear long before the network comes up.  
>> So what? If somebody cracks into your box and gains root access, he
>> can't mount /boot and take the keys?
> 
> That's right, because the keys aren't in /boot ;-)

But they are somewhere. He who has cracked your box can simply look into
/etc/conf.d/dmcrypt to find out where your keyfile is stored and mount
that fs if needed. There's no difference in storing them on the root fs
directly, it will take the cracker just a few seconds longer to get it.

But hey, this answers my question about the sense of using gpg encrypted
keyfiles. :-)

Another possible solution is to put the keyfile(s) on a USB stick and
unplug this right after booting. I doubt I would always remember to do
so :-)

Bye...

	Dirk

