-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El 005-11-19 a las 06:36 -0200, Ariel Sabiguero Yawelak escribió:
You might consider erasing the swap partition when powering off, using for the purpose "/etc/init.d/halt.local". The perfomance while in use will be better, but halting will be much slower.
Again you are not 100% sure. It has been discussed several times about the posibility of un-erasing erased data, but we can consider that unerasing and trying to recover data from swap might be not very useful.
Erasing the swap, as it is not a file, and because we are talking security here, means overwriting the swap data with something else. Even in that case, data is recoverable, if you have the means; but I suppose the ordinary thief picking a portable does not have those means, and if he has those means then he is not ordinary thief and even encryption will not deter him much.
But on the other hand, you are leaving your information thief-readable whenever halt.local is not executed. If the system does not shut down clearly, or the thief knows that he has to unplug the cable (remove the batery) instead of initing-6 he is done.
If the thief can get to my PC while running, I have bigger worries. He might be armed!
Ok, you can say that whenever *you* shut down the system, then it is "safe", and I agree :-) It is only a matter of how much you want to be secure and all-data-encription is the way to be MORE confident on the solution.
Yes. But I'm not that "paranoid". As I use "suspend to disk", what worries me is that the password to the encrypted partitions is saved in clear in the swap partition - this a pending problem. And encrypting the swap partition would not solve it, because then I could not suspend to disk, and also I fear that swapping would be much slower. - -- Saludos Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDgLihtTMYHG2NR9URAsrPAKCSIoiwc9CjbYVSWSH8XP+4I0mEwQCffj6p LAsJqAEOquTUtkfeIVQf/lk= =lgEw -----END PGP SIGNATURE-----