
#1 2010-02-12 01:10:39

csmart
Member
From: Australia
Registered: 2008-11-07
Posts: 12

Non-encrypted root stores passphrase for mountpoints in cleartext

If you install Arch (2009.8) and do not encrypt root (/), but rather only a specific mountpoint such as /home, the passphrase is stored in cleartext in /etc/crypttab. The problem is, an attacker could simply mount root and grab the passphrase. If root is also encrypted then this is not a problem, but if root is not encrypted then it certainly is.

So, currently the installer puts the passphrase directly into crypttab, even if root itself is not encrypted. Should the installer set this to "ASK" by default when root itself is also not encrypted?

I couldn't seem to find a bug report on this, but thought it's worth discussing first. If this describes your situation, perhaps you should change it yourself.

-c
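
A check for the condition described in the post, as an added example that is not part of the original post or of the Arch installer: it lists crypttab entries whose password field holds a literal passphrase, without printing the passphrase itself. It assumes the legacy Arch crypttab layout (name, device, password, options) with ASK, SWAP or a keyfile path as the non-literal values; the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the legacy Arch crypttab
# layout: <name> <device> <password> [options], where <password> is ASK, SWAP,
# a keyfile path starting with "/", or a literal passphrase.

# Print the mapping name of every entry whose password field is a literal
# passphrase. The passphrase itself is never echoed.
inline_passphrase_entries() {
    awk '
        /^[ \t]*(#|$)/              { next }   # comments and blank lines
        NF < 3                      { next }   # malformed: no password field
        $3 == "ASK" || $3 == "SWAP" { next }   # prompt at boot / throwaway swap key
        $3 ~ /^\//                  { next }   # keyfile path, not a passphrase
                                    { print $1 }
    ' "$1"
}

# Constructed sample input (names, devices and passphrase are made up).
sample_crypttab() {
    cat <<'EOF'
# <name>  <device>   <password>          <options>
home      /dev/sda5  constructed-pass
swap      /dev/sda2  SWAP                -c aes-xts-plain -s 512
data      /dev/sdb1  /etc/keys/data.key
backup    /dev/sdc1  ASK
EOF
}

# Audit a crypttab file; returns 1 if any inline passphrase is found.
audit_crypttab() {
    hits=$(inline_passphrase_entries "$1")
    [ -z "$hits" ] && return 0
    for name in $hits; do
        echo "$name: passphrase stored in cleartext; set field 3 to ASK"
    done
    return 1
}

# Demo on the constructed sample; pass a real path (e.g. /etc/crypttab) instead.
tmp=$(mktemp)
sample_crypttab > "$tmp"
audit_crypttab "${1:-$tmp}" || true
rm -f "$tmp"
```
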
