On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote:

> > I use a variant of this, where keys are stored on a dedicated
> > partition. The pre_mount and post_mount (which unmounts the
> > filesystem) ensure that the keys are only visible for as long as it
> > takes to mount the other filesystems.
>
> I protect the root fs with a passphrase and all other volumes with a
> keyfile stored in this fs. No need to mount anything (however, I _do_
> need an initramfs because of this).

That still means your keys are readable all the time, whereas mine
disappear long before the network comes up.


--
Neil Bothwick

Remember, it takes 47 muscles to frown
And only 4 to pull the trigger of a sniper rifle....