[ltp] Suspend with crypted swap?
Igor V. Rafienko
linux-thinkpad@linux-thinkpad.org
Fri, 7 Sep 2007 15:37:47 +0200 (CEST)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---259931583-846636874-1189172267=:18369
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
on Sep 5, 2007, 17:04, Daniel Maier wrote:
[ ... ]
>>> Is there any reason for having / plain but using crypted swap?
>>
>> Yes there is! Any secrets that you keep in kernel will be written to=20
>> swap during suspend-to-disk. Do you want to have it there in clear?
>
> But you don't care about all the other data?
All the other data is public.
It make sense to encrypt /tmp too, but what sensitive information, do you=
=20
think, is available from /, which does not come from /home or swap? The=20
only thing I can think of is the wpa_supplicant.conf, but it is easier to=
=20
move it to an encrypted partition (rather than encrypt /).
ivr
--=20
hvilket betyder at sprogdefinitionen tillader overs=E6tteren at g=F8re
hvadsomhelst med den, inklusive overs=E6tte den til kode der f=E5r sm=E5
nisser til at danse rundt om sk=E6rmen og r=E5be ukvemsord ad programm=F8re=
n.
=09=09-- Henning Makholm om "undefined behaviour"
---259931583-846636874-1189172267=:18369--