update-notifier message about recording mount passphrase
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ecryptfs-utils (Ubuntu) | Fix Released | High | Dustin Kirkland |
Jaunty | Fix Released | High | Dustin Kirkland |
Bug Description
Binary package hint: ecryptfs-utils
The ecryptfs-
By default, ecryptfs-
If executed on the command line, a message such as the following is displayed to the terminal:
*******
YOU SHOULD RECORD THIS MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION:
f436f2db331b520
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
*******
Jaunty now supports configuring an encrypted-home directory in the installer itself (with the preseed option user-setup/
When this happens, a random mount passphrase is generated, but the user is not given the opportunity to record this passphrase (it was decided that this would interrupt the install experience).
What we desperately need, then, is for ecryptfs-
1) That a strong, random mount passphrase has been generated to encrypt their home directory
2) That this passphrase should be recorded (written down, printed), and stored in a separate location
3) That this passphrase would be needed if manual data recovery is ever necessary
4) How to go about retrieving this passphrase
$ ecryptfs-
Passphrase: foobar
f436f2db331b5
Martin Pitt has offered to help with this. I hope it can still make Jaunty.
:-Dustin
Changed in ecryptfs-utils (Ubuntu):
assignee: nobody → pitti
importance: Undecided → Critical
status: New → Triaged
Changed in ecryptfs-utils (Ubuntu Jaunty):
importance: Critical → High
Changed in ecryptfs-utils (Ubuntu Jaunty):
status: Triaged → In Progress
It just occurred to me that this might get much more tricky than I thought. update-notifier messages are system level, thus (1) only admins will see such a note if I'm not mistaken, and (2) once the first admin ack'ed it, other users won't see it any more.
What we want is a per-user notification. Maybe we can abuse the messaging system that gnome-screensaver has, or otherwise just use libnotify-send. I'll ponder this a bit.