Mailinglist Archive: opensuse (2532 mails)

< Previous Next >
Re: [opensuse] decrypting LUKS partitions without passphrase
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Sun, 4 May 2008 12:28:46 +0200 (CEST)
  • Message-id: <alpine.LSU.1.00.0805041222360.18629@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



The Saturday 2008-05-03 at 21:56 -0400, Sam Clemens wrote:

> Is there a specific reason you are encrypting swap?

It is standard procedure.

Think: your portable is hibernated and then stolen.

Hint:

The password to mounted encrypted partition is in clear text in memory,
thus, in the swap. And any thing you may have opened.


Hint.. if you're portable is hibernated, then when the
thief restarts it, all of your partitions are already
mounted with good passwords, and can be perused by
merely doing

No. Think again.

That is what an "encrypted swap" avoids. You can not "unthaw" the computer without the password. The memory image is encrypted, so you can not look at it.

Of course, you will be able to look at any partition that is not encrypted, be it mounted or not - which is why the procedure usually includes encrypting root. Only /boot has to remain un-encrypted.

- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFIHY/gtTMYHG2NR9URAlOSAJ43X9suZ12U+du9QO/4irS7N/GRlQCdH0tX
lYrX3E1S7E9+t0EV7Ckbhl4=
=+Qlf
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >