On Mon, 2008-01-21 at 14:06 +0200, Ahmed Kamal wrote: > That's cool. I guess the real issue is when booting the system and > decrypting. I guess we would need to change some initscripts ? to do > the same
How exactly will this help if you don't dynamically pull the encryption key during boot? If you just hard code the encryption in the initscript on the boot disk then someone stealing the disk still has all the information required to decode the data, and trivially at that. Of course you could modify your init scripts to parse out some unique piece of information out of the system to use for the encryption key (like maybe the UUID or system serial number from dmidecode) but isn't someone just as likely to steal the entire hardware as just the disk? Later, Tom _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
