MokSec - The Security Framework

arne anka openmoko at ginguppin.de
Mon Jul 14 15:26:15 CEST 2008


> How would being root help somebody decrypt a filesystem?  Accessing an
> encrypted filesystem should depend only on having the correct key.

well, to be really usefull the fs should be mounted transparently (hacking  
in the passphrase on every access seems utterly tedious with that tiny  
keyboard -- and would probably add to the exposure risk).
or you need to store the passphrase somewhere on the fr and access it by  
some automatic.
in both cases somebody finding or stealing your fr would be able to read  
your encrypted data.

please, correct me, if i am wrong.




More information about the community mailing list