(The rewrite pulled strong random numbers out of /dev/random and wrote them to a mode 0600 file in ~, then used that as the key. I pointed out that this was as secure as we could make it without external key storage on a more secure medium or a requirement for users to type in passphrases, but that the security of the whole system was still no better than the security of the random key file, rendering all the password-protection pointless since we could just have stored the passwords unencrypted in the users' home directories mode 0600 and got exactly the same level of security. But, no, the spec said encryption so encryption we must have.)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds