[COLUG] Linux Laptop
Duane
duane at cacert.org
Mon Aug 7 20:12:55 EDT 2006
On Tue, 2006-08-08 at 08:09 +0900, Josh Glover wrote:
> The trick is only that you encrypt swap with a real key, rather than a
> throw-away key. When you suspend, memory contents are written out to
> swap, and as long as you are using dm-crypt, and have a smart initrd,
> you can bring up the dm-crypt tunnels before you mount swap, and before
If memory serves correctly dm-crypt is susceptible to attacks and the
loop-aes guy and kernel maintainers have had huge arguments in the past
and the kernel guys still went ahead implemented it wrong (according to
the loop-aes guy).
Now who is really right and wrong takes a lot of in depth knowledge on
crypto systems and implementations and so on and so forth.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
More information about the colug432
mailing list