On 19/03/13 13:39, Alberto Mardegan wrote: > [...] >> Finally, one last aside... wouldn't full filesystem encryption remove >> the need for a secret storage service? AFAIK, it hasn't yet been >> discussed in the context of Touch. > That's a good thing to discuss. However, full disk encryption might > impose some hardware requirements to get a decent speed, and in any case > one must decide how to store the key to the filesystem.
They are complementary. If you look through the freedesktop API, it specifies a "plain" storage mode where you don't encrypt. So you could have plain storage if the device already has full disk encryption and encrypted storage if it doesn't. I would be quite uncomfortable with that though because if you don't use any encryption in the keyring, everything is in clear once you're logged in so any piece of software that you run as a user could read your passwords by just reading the file direct and bypassing the API. And of course, there's the key to the file system to take into account. Bruno -- Mailing list: https://launchpad.net/~ubuntu-phone Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
