The D in Systemd is for Directories: Poettering says his creation will phone /home in future

Kevin McMurtrie Silver badge

I'm lost. What is being solved with this massively complex and flawed mechanism?

It sounds like he's trying to solve two problems without solving them.

First, a computer stolen while anything is decrypted is vulnerable. How does moving encryption to the user-level solve that? Assume the user decryption keys are tossed when the computer suspends. Now what at wakeup? All of every user's processes crash or lock up until each one logs in again? That seems worse than locking up the whole system in firmware until a password is provided.

Second, give user-level encryption. Why? Protect against an admin viewing everything? An admin could intercept your decryption keys just as easily. Nothing is safe if you can't trust the admin role.


Biting the hand that feeds IT © 1998–2019