OK, so I will admit that I am out of the loop with regards to #2. But I still have an issue with storing and passwords required to open key files in the clear. Is there some function that will handle this for me...
Assuming that the file is sensibly protected with OS security if an attacker is able to read this file then the chances are they already own the box or are well on the way to owning it and you have much bigger problems.
As always with security, you need to consider the all of threats to your system, the possible mitigation actions and the balance between effort/cost of the mitigation and the acceptable level of risk for your system.
In my experience the balance is usually in favour of availability rather than using a password on startup but each system is unique.
Mark
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
