Hello, I wonder how I should implement LUKS encrypted swap with random encryption at every boot. (Yes, I know that I shouldn't use suspend on such a system ;-) I tried the example from man crypttab: cr_md0 /dev/md0 /dev/random swap Result: Swap not active - probably because /dev/random can only provide some bytes at boot time. Testing with "boot.crypto start /dev/md0", it was hanging (probably again waiting for more random data) until I Ctrl-C'd it. I then tested with cr_md0 /dev/md0 /dev/urandom swap This seems to work (tested with "boot.crypto start /dev/md0"), but the manpage contradicts itsself: · The third column key file specifies the file to use for decrypting the encrypted data of the source device. It can also be a device name (e.g. /dev/urandom, which is useful for encrypted swap devices). Warning: luks does not support infinite streams (like /dev/urandom), it requires a fixed size key. So the first paragraph says "you can use /dev/urandom", and the second says "do NOT use /dev/urandom". Which part is correct? ;-) (and: please fix the manpage or ask for a bugreport) Regards, Christian Boltz -- Zeitreisen vermeide ich immer, sollen irgendwie ungesund sein. [Helga Fischer in suse-linux] --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org