Re: [swsusp] encrypt suspend data for easy wiping

[Matt Mackall]

On Mon, Jul 25, 2005 at 08:10:36PM -0700, Andrew Morton wrote:
> Andreas Steinmetz <ast@xxxxxxxx> wrote:
> >
> > the attached patches are acked by Pavel and signed off by me
> 
> OK, well I queued this up, without a changelog.  Because you didn't send
> one.  Please do so.  As it adds a new feature, quite a bit of info is
> relevant.

I don't like this patch. It reinvents a fair amount of dm_crypt and
cryptoloop but badly. 

Further, the model of security it's using is silly. In case anyone
hasn't noticed, it stores the password on disk in the clear. This is
so it can erase it after resume and thereby make recovery of the
suspend image hard.

But laptops get stolen while they're suspended, not while they're up
and running. And if your box is up and running and an attacker gains
access, the contents of your suspend partition are the least of your
worries. It makes no sense to expend any effort defending against this
case, especially as it's liable to become a barrier to doing this
right, namely with real dm_crypt encrypted swap.
 
At the very least, this should be renamed SWSUSP_QUICK_WIPE and any
mention of encryption should be taken out of the description so users
don't mistakenly think it provides any sort of useful protection.

-- 
Mathematics is the supreme nostalgia of our time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/