https://bugzilla.novell.com/show_bug.cgi?id=399298 Summary: encrypt swap partions by default on every boot using a random key Product: openSUSE 11.1 Version: Alpha 0 Platform: All OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: funtasyspace@yahoo.com QAContact: qa@suse.de Found By: --- I think for security reasons, swap partitions should be encrypted by default in a way where a RANDOM encryption key is generated on EVERY boot, so users are not required to enter the key on every boot. As the swap partition is also used for hibernation/suspend-to-ram this would raise the problem of not being able to decrypt the hibernation data on the next boot. Therefore I would suggest to automatically create a dedicated, encrypted hibernation file before hibernating and writing the RAM content into this file instead of writing into the swap partition. The key for this encrypted hibernation file should be derived from a password the user is requested to enter immediately after initiating the hibernation process (or by using a fingerprint reader if available for more convenience, but less security). Though, an open question would be a solution for the case, when the user is not present to enter a password or swipe his finger because hibernation is done automatically (after an idle timeout or because of low battery). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.