ecryptfs-devel team mailing list archive

[Dustin Kirkland <kirkland@xxxxxxxxxxxxx>]

On Mon, Oct 5, 2009 at 11:04 AM, Dave Hansen <dave@xxxxxxxx> wrote:
> I don't know for sure.  Another variable I've thrown in is that I moved
> distros.  I still have the old filesystem, but I don't see a trace of
> an .ecryptfsrc in either that one or my current distro.
>
> The data weren't important -- just some rsync'd backup files.  I'm just
> curious to figure out what stupid thing I did so that I don't do it
> again. :)

I'll lay a modest bet on a salt mismatch.  I'd bet when you originally
setup this mount, you chose a passphrase, and a non-default salt,
which was stored in .ecryptfsrc.  Somewhere along the line, you lost
your .ecryptfsrc and hence your salt.

Obviously, I don't know your setup, but the above is relatively
likely.  Likely enough that I, myself, made this very mistake about 3
years ago, and yes, lost some data in the process :-)

It's for this reason that we've chosen not to use a salt in the
default Ubuntu encrypted home directory setup.  The mount passphrase
is already randomly generated, which thwarts dictionary attacks.  We
decided that the extra bits of security offered by a salt were not
worth the inevitable inadvertent loss of salt by legitimate users of
ecryptfs.

:-Dustin