Re: [gentoo-user] Cryptfs

2008-04-01 Thread Dirk Heinrichs
On Tuesday, 1 April 2008, ext Neil Bothwick wrote: On Mon, 31 Mar 2008 18:15:54 +0200, Dirk Heinrichs wrote: That's right, because the keys aren't in /boot ;-) But they are somewhere. He who has cracked your box can simply look into /etc/conf.d/dmcrypt to find out where your keyfile

Re: [gentoo-user] Cryptfs

2008-04-01 Thread Neil Bothwick
On Tue, 1 Apr 2008 08:04:10 +0200, Dirk Heinrichs wrote: Not without the password. That filesystem uses a password, not a keyfile. You didn't tell this before. Now I finally got the whole picture. You're right. I thought I had but checking back I see I didn't actually mention that. I

Re: [gentoo-user] Cryptfs

2008-03-31 Thread Dirk Heinrichs
On Sunday, 30 March 2008, ext Neil Bothwick wrote: On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote: I protect the root fs with a passphrase and all other volumes with a keyfile stored in this fs. No need to mount anything (however, I _do_ need an initramfs because of this).

Re: [gentoo-user] Cryptfs

2008-03-31 Thread Neil Bothwick
On Mon, 31 Mar 2008 07:36:52 +0100, Dirk Heinrichs wrote: That still means your keys are readable all the time, By root only, chmod 400 is your friend. But still readable. whereas mine disappear long before the network comes up. So what? If somebody cracks into your box and

Re: [gentoo-user] Cryptfs

2008-03-31 Thread Dirk Heinrichs
Neil Bothwick wrote: On Mon, 31 Mar 2008 07:36:52 +0100, Dirk Heinrichs wrote: That still means your keys are readable all the time, By root only, chmod 400 is your friend. But still readable. whereas mine disappear long before the network comes up. So what? If somebody cracks

Re: [gentoo-user] Cryptfs

2008-03-31 Thread Neil Bothwick
On Mon, 31 Mar 2008 18:15:54 +0200, Dirk Heinrichs wrote: That's right, because the keys aren't in /boot ;-) But they are somewhere. He who has cracked your box can simply look into /etc/conf.d/dmcrypt to find out where your keyfile is stored and mount that fs if needed. Not without the

Re: [gentoo-user] Cryptfs

2008-03-30 Thread Dirk Heinrichs
On Saturday, 29 March 2008, Florian Philipp wrote: My goal is to open a LUKS mapping for /var with a gpg-encrypted file on /boot and then open a mapping for /var/tmp with a plaintext file on /var. See below. But while we're at it, can anybody tell me what's the advantage of a gpg-encrypted

Re: [gentoo-user] Cryptfs

2008-03-30 Thread Florian Philipp
On Sun, 2008-03-30 at 09:50 +0200, Dirk Heinrichs wrote: On Saturday, 29 March 2008, Florian Philipp wrote: My goal is to open a LUKS mapping for /var with a gpg-encrypted file on /boot and then open a mapping for /var/tmp with a plaintext file on /var. See below. But while we're at

Re: [gentoo-user] Cryptfs

2008-03-30 Thread Dirk Heinrichs
On Sunday, 30 March 2008, Florian Philipp wrote: On Sun, 2008-03-30 at 09:50 +0200, Dirk Heinrichs wrote: On Saturday, 29 March 2008, Florian Philipp wrote: My goal is to open a LUKS mapping for /var with a gpg-encrypted file on /boot and then open a mapping for /var/tmp with a

Re: [gentoo-user] Cryptfs

2008-03-30 Thread Neil Bothwick
On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote: However, the setup doesn't work. I'm not asked for the passphrase, the mappings are not created. What did I forget? That the mappings are created all in one go before anything is mounted, so you can't put the keyfile for /var

Re: [gentoo-user] Cryptfs

2008-03-30 Thread Dirk Heinrichs
On Sunday, 30 March 2008, Neil Bothwick wrote: On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote: However, the setup doesn't work. I'm not asked for the passphrase, the mappings are not created. What did I forget? That the mappings are created all in one go before anything is

Re: [gentoo-user] Cryptfs

2008-03-30 Thread Neil Bothwick
On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote: I use a variant of this, where keys are stored on a dedicated partition. The pre_mount and post_mount (which unmounts the filesystem) ensure that the keys are only visible for as long as it takes to mount the other filesystems.
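The rule stated in the two Neil Bothwick messages above (all dm-crypt mappings are created in one go before anything is mounted, so a keyfile that has to be read at that point cannot sit on a filesystem that is itself one of those mappings) can be checked mechanically. The script below is an added example; it is not code from the thread, from Dirk, Neil or Florian, nor from Gentoo's dmcrypt init script. It assumes a conf file in the target=/source=/key= layout of /etc/conf.d/dmcrypt with an optional ":gpg" mode suffix on key=, and it embeds a constructed conf and fstab that reproduce Florian's setup (key for /var on /boot, key for /var/tmp on /var):

```shell
#!/bin/sh
# Added example, not code from the thread or from Gentoo's dmcrypt script.
# It encodes the rule from the thread: every dm-crypt mapping is created in
# one go before any filesystem is mounted, so a keyfile must not live on a
# filesystem that is itself one of those mappings.  The conf layout
# (target=/source=/key= blocks, optional ":gpg" mode suffix on key=) is an
# assumption modelled on /etc/conf.d/dmcrypt; the conf and fstab below are
# constructed sample input, not a real system's files.

CONF=$(cat <<'EOF'
# /var: gpg-encrypted keyfile on /boot, a plain (unencrypted) partition
target=var
source='/dev/sda5'
key='/boot/keys/var.key:gpg'

# /var/tmp: plaintext keyfile on /var, which is itself a dm-crypt target
target=vartmp
source='/dev/sda6'
key='/var/keys/vartmp.key'
EOF
)

FSTAB=$(cat <<'EOF'
/dev/sda1           /boot     ext2  noauto,noatime  1 2
/dev/mapper/var     /var      ext3  noatime         0 2
/dev/mapper/vartmp  /var/tmp  ext3  noatime         0 2
EOF
)

# check_keys: prints one line per keyfile that sits below a mount point
# served by a /dev/mapper/<target> device listed in the fstab, and returns
# 1 if any were found; returns 0 when every key is reachable before the
# mappings are created.
check_keys() {
    printf '%s\n' "$CONF" | awk -v fstab="$FSTAB" -v q="'" -v dq='"' '
    function unquote(s) { gsub(q, "", s); gsub(dq, "", s); return s }
    BEGIN {
        # map dm-crypt target name -> mount point, taken from the fstab text
        n = split(fstab, lines, "\n")
        for (i = 1; i <= n; i++) {
            split(lines[i], f, " ")
            if (f[1] ~ /^\/dev\/mapper\//)
                mnt[substr(f[1], 13)] = f[2]   # strip the 12-char "/dev/mapper/"
        }
        bad = 0
    }
    /^target=/ { t = unquote(substr($0, 8)) }
    /^key=/ {
        k = unquote(substr($0, 5))
        sub(/:[a-z]+$/, "", k)        # drop a ":gpg"-style mode suffix (assumed syntax)
        best = ""; bestlen = 0
        for (name in mnt) {           # longest matching mount point wins
            m = mnt[name]
            pfx = (m == "/") ? "/" : (m "/")
            if (index(k, pfx) == 1 && length(m) > bestlen) { best = name; bestlen = length(m) }
        }
        if (best != "") {
            printf "%s: key %s is on /dev/mapper/%s (%s), which is not mounted when mappings are created\n", t, k, best, mnt[best]
            bad = 1
        }
    }
    END { exit bad }'
}

if check_keys; then
    echo "ok: every keyfile is reachable before the mappings are created"
else
    echo "move the keyfile(s) above to a plain partition or to a key partition handled by pre_mount/post_mount"
fi
```

Run it with plain sh. It exits 1 and names the /var/tmp key, because /var is /dev/mapper/var and does not exist as a mounted filesystem at the moment the mappings are opened. The /var key on /boot passes: /boot is an ordinary partition, and the gpg wrapper only means the keyfile is ciphertext at rest, not that it is unreachable. A dedicated key partition that is mounted and unmounted around the mappings (the pre_mount/post_mount arrangement described above) also passes, as long as that partition is not itself one of the dm-crypt targets.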

[gentoo-user] Cryptfs

2008-03-29 Thread Florian Philipp
Hi list! I think I have problems understanding the way /etc/conf.d/cryptfs works. My goal is to open a LUKS mapping for /var with a gpg-encrypted file on /boot and then open a mapping for /var/tmp with a plaintext file on /var. I thought it would work with the following settings: