On Friday, 05.03.2004 at 11:17 +0000, Matt Clark wrote:
> > What's wrong with using a LoopAES filesystem? It protects against
> > someone walking off with the server, or at least the hard disk, and
> > being able to see the data.
>
> Yes, but only if the password has to entered manually [1] at boot
> time. And it gives zero protection against someone who gains root
> access to the server.
>
> [...]
>
> [1] There are ways of avoiding having to enter the info manually, but
> they're very tricky to implement securely.
Not sure I follow this - there's no point AT ALL in using LoopAES if you
can mount the encrypted partitions without needing manual intervention
at boot time.
Dave.
--
Dave Ewart
Dave.Ewart@cancer.org.uk
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370