Hey Christoph,

On 04/02/2011 Christoph Anton Mitterer wrote:
> On Fri, 2011-02-04 at 00:11 +0100, Jonas Meurer wrote:
> > for security reasons
> Which are these?

the same as for every login system that locks after X failed retries. simply the reason that invaders don't have infinite retries to guess the passphrase.

and yes, this is no real security, as anybody with physical access will just take the hard disk and use his own operating system for attacking the encryption.

but another common scenario (especially for laptops) is that someone around tries to guess the passphrase while you're not at home, on the toilet, whatever. and for this scenario, the default of three retries is sane.

> > and since cryptsetup upstream has a default of
> > three retries
> Well because upstream cryptsetup just doesn't have any direct support
> for booting encrypted root-fs-systems.
>
> I've just thought that change would be a convenience setting for those
> users, where setting anything else than =0 doesn't make sense anyway.

i guess i don't get that argument. if i got it right, then simply turn it around: the current default is a convenience setting for those users who're happy with it.

to be honest, neither the arguments for, nor against the change of default retries (at initramfs) are very strong. it's a matter of taste to me. if more users will complain, then I'm happy to change the default. is that ok for you?

greetings,
 jonas