On Mon, May 08, 2006 at 05:22:26PM -0600, Andrew McNabb wrote:
> On Mon, May 08, 2006 at 05:57:03PM -0500, Michael Halcrow wrote:
> > As soon as my team finishes with the PKI support in eCryptfs this
> > summer, I *will* be using the TPM in my laptop to
> > cryptographically lock my files to my machine; that's the sort of
> > thing for which I personally find the TPM to be useful.
>
> So if your motherboard dies you have to reformat your hard disk? Am
> I understanding this correctly?

Only if you have encrypted each and every file on your hard disk with
the same key, since eCryptfs works on a per-file basis. If your
hardware fails, you will lose any files for which you have not taken
steps to escrow the key (i.e., m/n-threshold sharing among your bank
safety deposit box, your office desk drawer, and a box buried in your
back yard). Most of the time, it is probably sufficient to print out
your key on a piece of paper and keep it in a locked drawer. It
depends on how paranoid you are.
Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769
"Oop. Ack. Phbbbbbbbbbt." - Bill the Cat
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
