Bug#371135: [Pkg-cryptsetup-devel] Bug#371135: An alternate proposal

Jonas Meurer jonas at freesources.org
Tue Jun 20 16:36:23 UTC 2006


On 17/06/2006 Daniel Kahn Gillmor wrote:
> Thanks for the interesting discussion, all!  Crypted swap with
> randomly-generated keys *is* useful.  But it's also a fundamentally
> dangerous operation, and hard (if not impossible) to protect against
> user error in an automated way.
> 
> Here's an alternate proposal: leave all of the initscripts as they
> stand, and for folks who want to use a crypted swap (or tmp?) device
> with a random key, suggest that they append "check=/bin/true" to their
> option list in /etc/crypttab.

i don't like the idea, it adds just another bar for the user and doesn't
really protect anything.

if admins configure a device as encrypted swap in /etc/crypttab, they do
so because they believe that they took the correct device. and here,
they will for sure add the additionally needed 'check=/bin/true' or
whatever too.

basically i agree with others that the admin is responsible for his/her
actions and should know what he/she does.

the only thing we could do is to check for facts which ensure that the
source device contains unencrypted data, and to warn the admin about
known risks.

...
 jonas



