Re: Announcing crypto suspend
From: Pavel Machek
Date: Mon Mar 20 2006 - 16:32:35 EST
On Po 20-03-06 22:22:13, Rafael J. Wysocki wrote:
> On Monday 20 March 2006 21:35, Pavel Machek wrote:
> > On Po 20-03-06 21:26:23, Rafael J. Wysocki wrote:
> > > On Monday 20 March 2006 20:11, Alon Bar-Lev wrote:
> > > > Rafael J. Wysocki wrote:
> > > > > and please read the HOWTO. Unfortunately the RSA-related part hasn't been
> > > > > documented yet, but it's pretty straightforward.
> > > >
> > > > Hello,
> > > >
> > > > I don't understand why you are working so hard on this... If
> > > > you want encryption, you should care about all of your data!
> > >
> > > I hope you realize there may be sensitive data in the suspend image
> > > that are not stored in filesystems (eg. crypto keys, passwords etc.).
> >
> > If you have your swap partition on encrypted filesystem, that may
> > actually work okay.
>
> Yes, but that's why you may want to encrypt suspend images even if you
> don't need to encrypt your filesystems. :-)
Of course, agreed. Encrypting filesystem is stupid thing from
data-recovery standpoint; and I care about my data; it is also hard to
backup. For some uses it is of course neccessary, but it has lots of
disadvantages, too.
Encrypted swsusp has basically no disadvantages.
[I believe we should encrypt swap with random key generated on boot by
default. That should be also very cheap, and has no real
disadvantages].
Pavel
--
Picture of sleeping (Linux) penguin wanted...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/