[ltp] Encryption - security?
Richard Neill
linux-thinkpad@linux-thinkpad.org
Thu, 11 Aug 2005 15:53:33 +0100
Tino Keitel wrote:
> You could also use suspend to disk to an encrypted device. I use
> dm-crypt, newer versions of suspend2 also have native encryption
> support via the crypto-API of the Linux kernel. This way, even after
> resume from suspend a password is needed to get the machine back to
> life.
>
Mandrake 10.2 really doesn't seem to like dm-crypt - I had to hack at
too many things to make it work sensibly - which is why I went with
loopback AES (and only had to do moderate amounts of hacking at
init-scripts). But I'll try this again with 11.0 (due out soon).

Is dm-crypt capable of revoking a password for a mounted filesystem
without unmounting it first?

I.e. I'd like to be able to execute "forget-passphrase", which would make
the entire system unusable until it was re-entered. But I really don't
want to have to exit all the applications first.

Also, can you suspend to RAM in this way? Or does it have to be
suspend-to-disk?

Thanks,

Richard