he is saying use a random key for the disk. and encrypt this key with your password. so changing your account password you just have to re-encrypt the disk key.
kind of like your passwd protected gpg private key.

- Zac

On Thu, 1 Dec 2005 11:14:59 -0800, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 12/1/05, dreamwvr <[EMAIL PROTECTED]> wrote:
>> >I thought about a way of de-/encrypting home-directories transparently to
>> >users. I've got a vague idea how to realize this in a reasonable way:
>> >
>> >* Generate a key, associate it with a new svnd-image, prepare the image
>> >* Encrypt the key with the users login password, store it in /home
>> >* On login, decrypt the key with the password
>> >* Pass the decrypted key to vnconfig and mount the image on $HOME
>> >This has some consequences, like
>> >- creating a new login facility login_decrypt (or sth. similar)
>> >- writing a program for keyfile/image generation and password changing
>> >- modify vnconfig to read keys from other sources than stdin
>> >
>> >Since I already got some code, it might be smart to ask now for some
>> >feedback before heading into a completely wrong direction.
>> >There are probably better ways to accomplish this, so generally opinions
>> >regarding the issue would be cool.
>> >
>> >All the best,
>> >/Markus
>> Markus,
>> If the key used to decrypt some $USER is their password. It might be
>> useful to centralize via the master.passwd db. No extra file
>> needed in the $USER $HOME. eg: .hushlogin like scenario.
>
> you want a different key for the disk and the user, otherwise the user
> can never change their password.
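The scheme discussed in this thread (a random disk key stored encrypted under the login password, so a password change only rewrites the small keyfile), as an added example that is not code from the thread or from OpenBSD. The function names, the 80-byte keyfile layout, the PBKDF2 iteration count and the XOR-mask-plus-HMAC wrapping (a stdlib-only stand-in for a real key-wrap cipher such as AES Key Wrap) are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example only


def _derive(password: str, salt: bytes):
    """Stretch the login password into a 32-byte mask and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap_key(disk_key: bytes, password: str) -> bytes:
    """Return the keyfile blob: salt (16) || masked disk key (32) || tag (32)."""
    if len(disk_key) != 32:
        raise ValueError("disk key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so a mask is never reused
    mask, mac_key = _derive(password, salt)
    masked = bytes(a ^ b for a, b in zip(disk_key, mask))
    tag = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    return salt + masked + tag


def unwrap_key(blob: bytes, password: str) -> bytes:
    """Recover the disk key; a wrong password fails the tag check."""
    if len(blob) != 80:
        raise ValueError("malformed keyfile")
    salt, masked, tag = blob[:16], blob[16:48], blob[48:]
    mask, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted keyfile")
    return bytes(a ^ b for a, b in zip(masked, mask))


def change_password(blob: bytes, old: str, new: str) -> bytes:
    """Re-wrap the same disk key; the encrypted image itself is untouched."""
    return wrap_key(unwrap_key(blob, old), new)


if __name__ == "__main__":
    disk_key = os.urandom(32)  # constructed sample; would be passed to vnconfig
    keyfile = wrap_key(disk_key, "old login password")
    keyfile = change_password(keyfile, "old login password", "new login password")
    print(unwrap_key(keyfile, "new login password") == disk_key)
```

Because the disk key never changes, an old copy of the keyfile still unwraps with the old password; retiring a compromised password fully means generating a new disk key and re-encrypting the image.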

