Musings about on-disk encryption in Fedora Core
Alan Cox
alan at redhat.com
Mon Jul 5 19:12:46 UTC 2004
On Mon, Jul 05, 2004 at 09:04:36PM +0200, Nils Philippsen wrote:
> - with passphrase: key is generated by hashing a passphrase typed in
> while booting
> - key is a file on a USB stick
>
> The other information or configuration I was referring to is cipher
> algos, key lengths, ... for certain devices which can be kept as an
> ordinary configuration file beneath /etc.
Providing they are not needed you can keep them there, you need the root
fs info elsewhere because otherwise you need to decrypt / to decrypt /.
/boot on the other hand cannot be encrypted usefully without hardware
key systems because then you cannot boot off it.
More information about the fedora-devel-list
mailing list