Re: mlock(1)

From: Nigel Cunningham
Date: Fri Sep 24 2004 - 19:26:41 EST


Hi.

On Sat, 2004-09-25 at 09:59, Bernd Eckenfels wrote:
> In article <20040924225900.GY3309@xxxxxxxxxxxxxxxxx> you wrote:
> > laptop (currently suspend dumps into the swap the cleartext key of any
> > cryptoloop device, making cryptoloop pretty much useless). And the good
> > thing is that it won't even need to ask for a password.
>
> Where would you store the key for the suspend image without asking?

You should really reply-to-all, not just to LKML. I've added the
original recipients back.

I have to admit that I'm not sure. I haven't begun to try to write the
support yet, or even look at how the other implementations do
encryption. (Pointers welcome!) I assume there should be some option to
save it in a file and get it via the initrd, and/or perhaps require the
user to type in a passphrase at the lilo prompt.

>From what I have seen, random keys are sometimes chosen. I guess the
point there is not so much to protect access to the image as to obscure
it? If so, the existing compression support in suspend2 probably helps
satisfy this requirement.

Regards,

Nigel

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/