[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: making encrypted $HOME as easy and convenient as possible

On Mon, Sep 12, 2011 at 09:41:12AM +0200, Rolf Kutz wrote:
[...]
> An encrypted /home can still be backuped easily by administrators
> without being able to see inside.

An administrator (assuming by administrator you mean root or an
account with access to root-level privs) can easily trojan the
necessary bits of the system and then lie in wait to capture the
authentication credentials or the decrypted data itself, unless
encryption and decryption is only ever done on a separate remote
system to which the administrator has no privileged access.
-- 
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fungi@yuggoth.org); FINGER(fungi@yuggoth.org);
MUD(kinrui@katarsis.mudpy.org:6669); IRC(fungi@irc.yuggoth.org#ccl); }
Reply to: