Comment 5 for bug 906550

Marco Gamberoni (gamberoni) wrote :

ecryptfs-setup-private should also add a per-user salt in .ecryptfsrc:
   salt=<16 random hex digits>
Beware, anything other than 16 hex digits is silently ignored.

The lack of an .ecryptfsrc with a salt= stanza in the standard eCryptfs configuration set up by ecryptfs-setup-private has a security implication: all installations end up wrapping (encrypting) the mount passphrase with the user login password and the DEFAULT SALT VALUE.
A single salt value shared by almost all installations makes them a convenient target for a rainbow table attack on the wrapped-passphrase file.

I read in the 2005 document "eCryptfs: An Enterprise-class Cryptographic Filesystem for Linux" by Michael Austin Halcrow that .ecryptfsrc files were intended as "Apache-like policy definition files", but a quick look at the actual source code gives me the impression this is not how things stand.
The path ~/.ecryptfsrc is hard-coded in cmd_ln_parser.c, which is inconvenient for the common case of encrypting the whole home directory.
I suggest .ecryptfsrc should reside in the /home/.ecryptfs/$LOGNAME/.ecryptfs/ config directory, along with wrapped-passphrase, Private.sig, and other configuration information.
I got here because I am dabbling with a config package to implement mandatory eCryptfs encrypted home for all users of a system, and started looking into how pam_ecryptfs does its job. IMHO, removing the hard-coded defaults from ecryptfs-utils and implementing and documenting a configuration file should have higher priority than wishlist.

Moreover, .ecryptfsrc does not look to me like an appropriate place for the salt value. As in /etc/shadow, the sensible place to store the salt is alongside the hash: in wrapped-passphrase.
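The two points raised in the comment above, illustrated with added example code that is not part of ecryptfs-utils or of the commenter's report: a strict parser for the `salt=` stanza that rejects anything other than 16 hex digits instead of silently ignoring it, and a demonstration of why a shared default salt matters for the wrapped-passphrase file. The key-wrapping function is a generic salted, iterated passphrase hash (PBKDF2-HMAC-SHA512) standing in for eCryptfs' own construction, and the default salt value is a constructed placeholder, not the real one.

```python
import hashlib
import os
import re

# Exactly 16 hex digits, i.e. an 8-byte salt, as the comment describes.
SALT_RE = re.compile(r"^[0-9a-fA-F]{16}$")

# Constructed placeholder standing in for a build-wide default salt.
PLACEHOLDER_DEFAULT_SALT = bytes.fromhex("0000000000000000")


def parse_ecryptfsrc_salt(text):
    """Parse .ecryptfsrc-style key=value lines and return the salt as 8 bytes.

    Unlike a parser that silently drops a malformed stanza, this raises
    ValueError so a misconfiguration cannot fall back to a default salt
    unnoticed. Returns None if no salt= stanza is present.
    """
    salt = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected key=value, got {line!r}")
        if key.strip() == "salt":
            value = value.strip()
            if not SALT_RE.match(value):
                raise ValueError(
                    f"line {lineno}: salt must be exactly 16 hex digits, got {value!r}"
                )
            salt = bytes.fromhex(value)
    return salt


def new_salt_stanza():
    """Generate a fresh per-user salt= stanza (8 random bytes as 16 hex digits)."""
    return "salt=" + os.urandom(8).hex()


def wrap_key(passphrase, salt, iterations=65536):
    """Derive a wrapping key from the login passphrase and a salt.

    Assumption: this is a generic salted, iterated hash (PBKDF2-HMAC-SHA512),
    used here only to show the effect of the salt; it is not eCryptfs' exact
    wrapping construction.
    """
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, iterations, dklen=16)


def precomputation_reuse(password, per_user_salts):
    """Return (reusable_with_default_salt, reusable_with_per_user_salts).

    Two users with the same login password are wrapped. With a shared
    default salt their derived keys are identical, so one precomputed
    table of password -> key covers every installation. With per-user
    salts the keys differ and a table built for one user says nothing
    about another.
    """
    default_a = wrap_key(password, PLACEHOLDER_DEFAULT_SALT)
    default_b = wrap_key(password, PLACEHOLDER_DEFAULT_SALT)
    user_a = wrap_key(password, per_user_salts[0])
    user_b = wrap_key(password, per_user_salts[1])
    return default_a == default_b, user_a == user_b


if __name__ == "__main__":
    # Constructed sample configs.
    good = "# per-user config\n" + new_salt_stanza() + "\n"
    print("parsed salt:", parse_ecryptfsrc_salt(good).hex())
    try:
        parse_ecryptfsrc_salt("salt=abc\n")
    except ValueError as e:
        print("rejected:", e)
    salts = [os.urandom(8), os.urandom(8)]
    print("same key under default salt / under per-user salts:",
          precomputation_reuse("correct horse", salts))
```

The second return value of `precomputation_reuse` is `False` with overwhelming probability (two independent 8-byte salts would have to collide), which is the property a per-user salt buys; the first is always `True`, which is the weakness the comment describes.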