-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Monday 2005-11-21 at 10:17 +0100, Dirk Schreiner wrote:
You might consider erasing the swap partition when powering off, using for the purpose "/etc/init.d/halt.local". The performance while in use will be better, but halting will be much slower.
Erasing is not a good idea. Too much can go wrong, and you never will find out.
Like...? The only thing I can think of is that it cannot erase for some reason.
[...]
But on the other hand, you are leaving your information thief-readable whenever halt.local is not executed. If the system does not shut down clearly, or the thief knows that he has to unplug the cable (remove the battery) instead of initing-6, he is done.
If the thief can get to my PC while running, I have bigger worries. He might be armed!
So you shut down your system whenever going to the toilet. Or for a cup of coffee...
I know of stolen Laptops during working hours.
And I know of stolen motherboards from the inside of PCs. They took the insides and left the iron. With armed guards and entry control points in the premises. No, as I said, I don't worry about that. As I said, if they can get to my PC while running to do "bad things", having information readable is the least of my worries. They could be armed, kidnap me, and force me to tell the passwords and anything.
Yes. But I'm not that "paranoid".
You should be! Or forget thinking about Security.
No! Everything is a compromise. You decide what level of security you want and need. I don't need that much security. If I were working for a bank, or for defense, or a competitive investigation project, say, I'd be very paranoid. As I'm not, then I don't have to. I don't keep anything in my PC that a thief couldn't get otherwise. Bank accounts? He could steal my snail-mail instead, or search my desk and cupboards for papers.
As I use "suspend to disk", what worries me is that the password to the encrypted partitions is saved in clear in the swap partition - this is a pending problem. And encrypting the swap partition would not solve it, because then I could not suspend to disk, and also I fear that swapping would be much slower.
Give it a try. On most systems you can switch over in running state. (And also back ;-) )
I do use suspend to disk every day, it works fine. Once I suspended during a kernel compile. No problem, when it awoke, it continued running. But if I used an encrypted swap partition, I could not suspend, because it would need the decryption password when awakening. The password needs to be manual, not automatic. And otherwise, my system would be much slower when thrashing or swapping. As I said, I'd be content with the password to my encrypted partition not being saved in the swap. That would satisfy my limited paranoia ;-)

- --
Cheers, Carlos Robinson

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFDgddmtTMYHG2NR9URApW+AKCJ4h4Q/YENGj9uauZhQNd5vloKDACfc6Xd
KU8GuscTbKGzx94eZJL+gzs=
=8g9a
-----END PGP SIGNATURE-----
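
The swap wipe at power-off discussed in this thread, as an added example that is not part of the original message or anyone's actual halt.local: it reports every failure to syslog and the console, which addresses the "you never will find out" objection. The script name wipe-swap.sh and all function names are assumptions, and it only helps when shutdown really runs the hook.

```shell
#!/bin/sh
# Added example, not from the thread: wipe swap partitions at shutdown.
# Meant to be called from /etc/init.d/halt.local as: wipe-swap.sh --run
# (wipe-swap.sh and the function names below are hypothetical.)

# Print active swap partitions from a /proc/swaps-format file.
# Swap files (type "file") are skipped; only whole partitions are wiped.
list_swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1 }' "${1:-/proc/swaps}"
}

# Report failures to syslog and the console so a failed wipe is noticed.
report() {
    logger -t wipe-swap "$1" 2>/dev/null
    echo "wipe-swap: $1" >&2
}

# Zero one swap partition, then recreate the swap signature for next boot.
wipe_swap() {
    dev=$1
    swapoff "$dev" || { report "swapoff failed on $dev, not wiped"; return 1; }
    size=$(blockdev --getsize64 "$dev") || { report "cannot size $dev"; return 1; }
    head -c "$size" /dev/zero > "$dev" || { report "overwrite failed on $dev"; return 1; }
    sync
    mkswap "$dev" >/dev/null || { report "mkswap failed on $dev"; return 1; }
}

# Wipe every active swap partition; return non-zero if any wipe failed.
wipe_all() {
    rc=0
    for dev in $(list_swap_partitions); do
        wipe_swap "$dev" || rc=1
    done
    return $rc
}

# Only act when explicitly asked, so sourcing the file is harmless.
if [ "${1:-}" = "--run" ]; then
    wipe_all
fi
```

mkswap writes a new UUID, so this assumes /etc/fstab names the swap partition by device path rather than by UUID or label.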