On Sat, Jan 26, 2008 at 08:56:14 -0800, Richard England <rlengland@xxxxxxxxxxx> wrote: > I'm not much help in this area but I think the OPs issue is having a > script with an embedded password. If the script has to sudo or su to > the correct environment to mount the drive and/or perform the backup to > a drive with the encryption scheme the password would be in plain text > and therefore compromised. A more useful answer would be why is the script mounting the device? It seems it would be more normal to have someone who knows the password enter it when the device is first plugged in. The script could just check to see if the device is available when it runs (and send some sort of reminder if it isn't). If the answer to the above question is because he doesn't want the encrypted drive mounted all of the time, then it would be useful to hear what the threat model is that produces that requirement.
