Yes, short answer is, if you can't trust your filesystem (or more directly the OS with access to it), you've already been owned, and the train has already left the station.
If it's that secret (read NSA guidelines on security as they're actually not half bad....), then you need another factor (physical and knowledge) to add into the mix. And that's not possible to automate, no matter what Tom Cruise does in Mission Impossible :-) Have a nice weekend. andy Travis H. wrote: > On 8/29/06, DarkFoon <[EMAIL PROTECTED]> wrote: >> I was looking through my XML configuration recently, and I noticed >> that my >> Dynamic DNS password is not encrypted like the PFsense password is. >> It seems to me that this is a rather important password and should be >> encrypted (if possible). > > This is also true of other programs, such as gaim. > Your IM passwords are stored in plaintext, for the same reasons. > The best way to deal with this is to make your home directory encrypted, > but that rules out unattended mounting almost by definition. > Take a look at truecrypt for one cross-platform open-source tool > that supports steganography as well. > > Another way to deal with it would be to use something like a keychain > program > (similar to ssh-agent) to give the daemon the key, or to get it from > another > machine (if you wish to have unattended boots with /home mounted). Of > course if you're worried about power outages, you will want to UPS > that other machine, > and/or have a generator with automatic switchover from the grid. One > advantage of natural gas generators is not having to be there to > refill it with fuel.
