Tom Sightler wrote:
> On Mon, 2008-01-21 at 14:06 +0200, Ahmed Kamal wrote:
>
>> That's cool. I guess the real issue is when booting the system and
>> decrypting. I guess we would need to change some initscripts? to do
>> the same
>>
>
> How exactly will this help if you don't dynamically pull the encryption
> key during boot? If you just hard code the encryption in the initscript
> on the boot disk then someone stealing the disk still has all the
> information required to decode the data, and trivially at that.
>
> Of course you could modify your init scripts to parse out some unique
> piece of information out of the system to use for the encryption key
> (like maybe the UUID or system serial number from dmidecode) but isn't
> someone just as likely to steal the entire hardware as just the disk?
>
> Later,
> Tom
>
I think the implication was to dynamically pull the serial for
production use while hard-coding the pre-recorded serial number for
service or recovery purposes.
Jason
_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list