Thanks to Fedora community; Installation & Disk Partitioning ISSUE
ignored_mailbox at yahoo.com.au
Mon Nov 7 16:51:21 UTC 2011
>> Suspend does it to RAM. So your computer needs (minimal) power
>> continuously available to it, to keep what it's stuffed into memory.
>> If the memory is lost, then the next boot will be a cold boot.
> But without intentionally deleting memory, how could it be lost except
> for the case that power has gone and I am not using UPS....Cold boot
> simply means that it doesn't need credentials to log-on?
Your power fails, your laptop battery goes flat, your laptop goes into a
power save mode that's inadequate for keeping the RAM contents intact...
I've always wondered about the last one, since computers use dynamic
RAM, these days, you can't just keep supplying power to the RAM, it
needs constantly refreshing.
> But still how thief can log-in when I have encrypted password,
> password necessary to boot in, disabled booting via CD-rom, disabled
> booting via usb. Still chances are there that the thief can crack in ?
With a cold boot, a thief would have to break all your encryption before
they could attempt to hack in. They've got to get it to boot, before
they can hack it.
With a resume, the drive is already mounted to the system in an
un-encrypted manner, just there's no currently logged in user. That's
the state that a hibernated/suspended machine will resume to (running,
but keyboard/mouse locked out until you login).
They've only got to manage to log in. If you've left servers running,
there may be one that's vulnerable to a hack. If you've left a mail
client running, it may be spewing your password straight out the network
port, every few minutes.
Of course, if you have a computer that auto-logs you in without you
entering any password, or you have suspend/hibernate not lock access
away during the suspend/hibernate process, a resume/boot-up will let
anybody straight in unchallenged.
>> Some sort of hardware token, such as a key that must be inserted
>> while booting, but is kept separate from the computer, is the
>> simplest way to avoid that problem.
> This I didn't understand how to achieve, but thanks for the above
You're welcome, and I don't have a ready answer for how one might go
about doing it. But it's the kind of thing you'd have to do (making
booting and resuming dependent on something that you kept separate from
[tim at localhost ~]$ uname -r
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
More information about the users