Package: ecryptfs-utils
Version: 64-2
Severity: important

This ecryptfs-mount-private script and its friends are quite nice.  But
it is supposed to provide secure encryption of data to protect them from
a thief, I think.

But once your PC is stolen, a thief can gain root access to the filesystem
relatively easily.  Once the thief has root shell access, he can compromise
the passwords for all user accounts using brute force password cracking tools
such as jack and crack packages.   Then he can gain access to these
encrypted files using the discovered user passwords.

Unless this ecryptfs-mount-private script and its friends use a
different password from the one in /etc/shadow, these scripts are not
really giving us real protection.

Of course, dm-crypting the root partition can help, but if you do, you may
not have as much need to use the ecryptfs-mount-private script.

I think the designer of this script wanted to avoid an extra password
dialogue.  But I think they should have asked for an extra password just like
we do for x11-ssh-askpass/ssh-askpass.

If I am wrong in assessing the situation, excuse me.

Osamu

PS:  I think it is still better than nothing :-)  So I am using this
script anyway.  Thanks.

PPS: I am forwarding this bug report to Mike Halcrow
<[EMAIL PROTECTED]> and Dustin Kirkland <[EMAIL PROTECTED]>.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ecryptfs-utils depends on:
ii  libc6                         2.7-16     GNU C Library: Shared libraries
ii  libecryptfs0                  64-2       ecryptfs cryptographic filesystem 
ii  libgcrypt11                   1.4.1-1    LGPL Crypto library - runtime libr
ii  libgpg-error0                 1.4-2      library for common error values an
ii  libgpgme11                    1.1.6-2    GPGME - GnuPG Made Easy
ii  libkeyutils1                  1.2-9      Linux Key Management Utilities (li
ii  libpam0g                      1.0.1-4+b1 Pluggable Authentication Modules l
ii  libpkcs11-helper1             1.05-1     library that simplifies the intera
ii  libssl0.9.8                   0.9.8g-14  SSL shared libraries
ii  libtspi1                      0.3.1-7    open-source TCG Software Stack (li

ecryptfs-utils recommends no packages.

Versions of packages ecryptfs-utils suggests:
pn  auth-client-config          <none>       (no description available)
ii  opencryptoki                2.2.6+dfsg-5 PKCS#11 implementation for Linux (

-- no debconf information



