
Re: Trouble with encrypted filesystems



Florian Kulzer wrote:

> The main advantage of pmount is that it allows all members of the
> "plugdev" group to mount pluggable devices. This eliminates the need to
> add entries for pluggable devices to /etc/fstab. Since I use pmount
> anyway I like the fact that it automatically recognizes LUKS partitions
> and asks for the passphrase.

Sounds good. Does that mean that as soon as I plug my disk into the USB
slot, it gets recognized and I get asked for the passphrase? Does it
automatically identify different devices/partitions and handle them
accordingly? I know partitions have something unique called a UUID and
that this can somehow be used to automatically detect and discern
pluggable devices, but I haven't found any "beginner's tutorial" on how
to use that feature.

> The main advantage of using LUKS is, AFAIK, that it allows you to change
> your passphrase without having to re-encrypt all your data (while still
> being "safe"). I do not know cryptmount well enough to compare it in
> detail to cryptsetup; from the package description I get the feeling
> that cryptmount has very similar features, except for LUKS support.
> (Maybe it has another mechanism to achieve the same thing, though.)

Well, the data on the disk is encrypted using a non-changing key which
is generated once by a random generator. This key, in turn, is scrambled
with your passphrase, so you can indeed change the passphrase by
re-encrypting just the key. I'm sure LUKS uses a similar method because
otherwise it would indeed have to re-encrypt the entire disk.

Does LUKS or the USB automount system have any "hooks" into which I can
plug stuff I want to be automatically executed upon mounting a device?
That would be neat because that's where I'd put the "renice" kludge.

--D.
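
The key-wrapping scheme described in the message above, as an added example that is not part of the original message and is not LUKS's actual on-disk format. All function names are hypothetical, and the XOR wrap and SHAKE-256 keystream are toy stand-ins for the real ciphers; the sketch shows that changing the passphrase rewrites only the wrapped key, never the bulk data.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # constructed value, kept low so the demo runs quickly

def _kdf(secret, salt, length):
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=length)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _wrap(master, passphrase):
    # Toy key wrap: XOR the master key with a passphrase-derived pad (fresh salt each time).
    salt = os.urandom(16)
    pad = _kdf(passphrase.encode(), salt, len(master))
    return {"salt": salt, "wrapped": _xor(master, pad)}

def format_volume(passphrase):
    """Generate the random master key once and store it only in wrapped form."""
    master = os.urandom(32)
    digest_salt = os.urandom(16)
    header = {"digest_salt": digest_salt,
              "digest": _kdf(master, digest_salt, 32),  # lets unlock() detect a wrong passphrase
              "slot": _wrap(master, passphrase)}
    return header, master

def unlock(header, passphrase):
    slot = header["slot"]
    pad = _kdf(passphrase.encode(), slot["salt"], len(slot["wrapped"]))
    candidate = _xor(slot["wrapped"], pad)
    check = _kdf(candidate, header["digest_salt"], 32)
    if not hmac.compare_digest(check, header["digest"]):
        raise ValueError("wrong passphrase")
    return candidate

def change_passphrase(header, old, new):
    """Re-wrap the same master key; the bulk data is never touched."""
    header["slot"] = _wrap(unlock(header, old), new)

def sector_cipher(master, data):
    # Toy stand-in for the disk cipher: XOR with a SHAKE-256 keystream (encrypts and decrypts).
    return _xor(data, hashlib.shake_256(master).digest(len(data)))

if __name__ == "__main__":
    header, master = format_volume("old passphrase")        # constructed sample values
    disk = sector_cipher(master, b"constructed sample sector contents")
    change_passphrase(header, "old passphrase", "new passphrase")
    print(sector_cipher(unlock(header, "new passphrase"), disk))
```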

