The Friday 2005-11-18 at 13:23 -0200, Ariel Sabiguero Yawelak wrote:

> But the privacy based on filesystem encryption is not so strong if you cannot control things that are made thief-readable beyond your control, which is the regular problem with swap space. Obviously, it is not 100% sure that anything sensitive is going to be on the swap space.... but that is not enough.

The passphrase of the encrypted partitions goes into swap space in clear when you suspend to disk. That is scary.

> In general you want to work the other way, you want to be 100% sure that there is no information thief-readable after the computer is turned off. After this, swap partition encryption becomes your friend.

You might consider erasing the swap partition when powering off, using "/etc/init.d/halt.local" for the purpose. The performance while in use will be better, but halting will be much slower.

--
Cheers,
Carlos Robinson
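
Added example, not part of the original mail: one way the wipe-at-halt idea above could be written for "/etc/init.d/halt.local". The function names and the DRY_RUN switch are assumptions of this sketch; it overwrites each swap area once and recreates the swap signature, and it skips entries referenced by UUID or label because mkswap would invalidate them.

```shell
#!/bin/sh
# Constructed sketch for halt.local; function names and DRY_RUN are assumptions.

# With DRY_RUN=1 print the command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Print the first field of every non-comment fstab line whose type is swap.
swap_targets() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# Disable all swap, then overwrite and re-initialise each swap area.
wipe_all_swap() {
    fstab=${1:-/etc/fstab}
    # Stop here if swap cannot be released: never overwrite swap in use.
    run swapoff -a || return 1
    for t in $(swap_targets "$fstab"); do
        case "$t" in
            /dev/disk/by-uuid/*|/dev/disk/by-label/*|[!/]*)
                # mkswap writes a new UUID and drops the label, so such
                # entries would no longer match after the wipe.
                echo "skip $t: referenced by UUID/label" >&2
                continue ;;
        esac
        # One pass of random data, then a fresh swap signature so the
        # unchanged fstab line still works at the next boot.
        run shred -n 1 "$t" && run mkswap "$t" || return 1
    done
}

# In halt.local, finish with:  wipe_all_swap /etc/fstab
```

Running it first with DRY_RUN=1 prints the commands that would be executed, which is a cheap way to confirm that only the intended devices are touched.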