cepheus11 |
01-07-2015 03:19 AM |
Quote:
Originally Posted by Ulysses_
(Post 5296706)
...with different keys each container, then the passphrase has to stay in ram or you type it over and over
|
Wrong: Keyfiles are an alternative to passphrases. Although they are named "key"files, they have nothing to do with the actual "key" but function exactly like passphrases. They are not in RAM the whole time, but are accessible through the local filesystem. If this is better or worse, your decision. If you run your browser with a different user account using
Code:
gksudo -u browseruser
you could protect the keyfiles from being read by the browser.
Both cryptsetup-luks and truecrypt can use keyfiles instead of passphrases or in addition to passphrases.
|