Re: encrpyt harddrive without passphrase/userinput

To: debian-security@lists.debian.org
Subject: Re: encrpyt harddrive without passphrase/userinput
From: be-news06@lina.inka.de (Bernd Eckenfels)
Date: Sun, 26 Feb 2006 23:28:50 +0100
Message-id: <[🔎] E1FDUNm-0000Lo-00@calista.inka.de>
In-reply-to: <[🔎] 20060226212329.GA7226@fonebone.home>

Horst Pflugstaedt <horst@uni-duisburg.de> wrote:
>> a) it must be able to boot (remotely) without userinput/passphrase

You can use nfs-root or initramdisk from a trusted machine. 

>> b) the importtant partitions such as /etc, /var, /usr and /home must be
>> encrypted/protected.
> 
> I just ask myself why you bother encrypting a filesystem that will be
> accessible to anyone having access to the machine since it boots without
> password?

No password entry does not mean nopassword. A remote server for the password
can ensure, that the machine can only boot on the right subnet and allows
easy "earising" of all data by deleting the key on the server.

Gruss
Bernd

Reply to:

References:
- Re: encrpyt harddrive without passphrase/userinput
  - From: Horst Pflugstaedt <horst@uni-duisburg.de>

Prev by Date: Re: encrpyt harddrive without passphrase/userinput
Next by Date: Re: encrpyt harddrive without passphrase/userinput
Previous by thread: Re: encrpyt harddrive without passphrase/userinput
Next by thread: Re: encrpyt harddrive without passphrase/userinput
Index(es):
- Date
- Thread