[NBLUG/talk] Crypt Filesystems

Scott Doty scott at corp.sonic.net
Fri Jul 28 17:15:46 PDT 2006


On Fri, Jul 28, 2006 at 01:52:56PM -0700, Walter Hansen wrote:
> Also I found that there is a built-in way to automatically provide
> passphrase. You set the file handler "-p 3" (such as 3) and then use "<3
> /etc/passphrase".

I suggest not having a copy of the passphrase on the system in question --
if you need it to be automated, perhaps storing it on another system,
available via inetd, with tcp.wrappers only allowing its IP to get the
passphrase...

The idea is that the bad guy who physically removes the drive will find that
the key is nowhere to be found on the drive -- and, can't get the key without
being (at the very least) on the backup system's network.

Just more 2cents...

 -Scott
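
The arrangement described above, modelled in Python as an added example that is not part of the original thread: a small TCP service stands in for inetd plus TCP wrappers and releases the passphrase only to an allow-listed peer address. The addresses, the ephemeral port, the passphrase value and all function names are assumptions made for the demonstration.

```python
import socket
import socketserver
import threading

PASSPHRASE = b"constructed-demo-passphrase\n"  # constructed sample value


class KeyHandler(socketserver.BaseRequestHandler):
    """Runs on the key-holding host: answer allow-listed peers only."""

    def handle(self):
        peer_ip = self.client_address[0]
        if peer_ip in self.server.allowed_peers:
            self.request.sendall(self.server.passphrase)
        # Any other peer gets nothing; the connection is simply closed.


def start_key_server(allowed_peers, passphrase=PASSPHRASE, bind=("127.0.0.1", 0)):
    """Start the key holder on a free port and return the running server."""
    server = socketserver.ThreadingTCPServer(bind, KeyHandler)
    server.daemon_threads = True
    server.allowed_peers = frozenset(allowed_peers)
    server.passphrase = passphrase
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_passphrase(host, port, timeout=3.0):
    """Runs on the encrypted host: read until the key holder closes."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        with conn.makefile("rb") as stream:
            return stream.read()


def demo():
    """Return (reply when the client is allow-listed, reply when it is not)."""
    # 192.0.2.10 is a documentation address, so the loopback client never matches it.
    servers = [start_key_server({"127.0.0.1"}), start_key_server({"192.0.2.10"})]
    try:
        return tuple(fetch_passphrase(*s.server_address) for s in servers)
    finally:
        for s in servers:
            s.shutdown()
            s.server_close()


if __name__ == "__main__":
    print(demo())
```

The passphrase exists only in the key holder's memory and in the reply, so a drive pulled from the client carries no copy of it.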


