On Thu, Jan 10, 2008 at 11:56:33PM +0900, Msquared wrote:
I know this thread is aging a bit, but I thought I'd post some
comments,
and link to an article I just put online:
http://www.msquared.id.au/articles/cryptroot/
Why does it require javascript?
> Then add it to /etc/crypttab:
> chome /dev/volgroup/home none
With my article, you don't need anything in crypttab (including keys or
other sensitive information).
I didn't see anything on that page that specified to the system to mount
the encrypted home on boot.
On Mon, Dec 24, 2007 at 09:11:17AM -0800, Alan wrote:
> Does encrypting swap interfere with hibernate or sleep mode on laptops?
> (Just asking in case I ever get sleep or hibernate working on my
> laptop.)
On Mon, Dec 24, 2007 at 05:43:10PM +0000, Luciano Rocha wrote:
> If you wish for a encrypted swap allowing suspend, you'll have to place
> a constant key in crypttab (which isn't secure, unless you also encrypt
> the root), and check if the resume scripts support that case or manually
> add it (not trivial).
If you encrypt the swap itself using a random key each boot, you will have
problems. If you use a constant key in crypttab, then you don't have any
security unless the crypttab itself (or rather, the filesystem that
contains it) is also encrypted.
Yes, I did mention just that.
If you use the method used in my article above, you should be able
to
hibernate and resume without any problems
Using LUKS for swap? It's an interesting idea, but I'd still like to
nuke the contents of the swap on new boot.
I've tried and it worked for me, even with a dual-boot. In fact,
I was
able to sleep Windows and resume Linux and vice versa for a much faster
way to switch from Windows to Linux (and vice versa). Of course, my
Windows partition isn't encrypted, but I don't use Windows as much.
More information about the subject is always welcome. The ideal thing
would be for upstream support for the most usual methods mentioned
(including during install).
--
lfr
0/0