Re: [opensuse-security] LUKS encrypted swap
My /etc/crypttab on a working openSUSE 10.3 box looks like this for the swap partition:

    cr_sda1 /dev/sda2 /dev/random swap

The way to do it is to go through YaST->System->Partitioner and choose to format the partition and "Encrypt" partition. When prompted for a passphrase just leave both fields blank.

Works like a champ!

Wil
------------
Wilson Mattos
Technology Specialist
wmattos@novell.com
949-212-2805
Novell, Inc.
Your Linux is Ready!
www.novell.com/linux

Christian Boltz <suse-security@cboltz.de> 12/11/2007 4:15 PM >>>
Hello,

I wonder how I should implement LUKS encrypted swap with random encryption at every boot. (Yes, I know that I shouldn't use suspend on such a system ;-)

I tried the example from man crypttab:

    cr_md0 /dev/md0 /dev/random swap

Result: Swap not active - probably because /dev/random can only provide some bytes at boot time. Testing with "boot.crypto start /dev/md0", it was hanging (probably again waiting for more random data) until I Ctrl-C'd it.

I then tested with

    cr_md0 /dev/md0 /dev/urandom swap

This seems to work (tested with "boot.crypto start /dev/md0"), but the manpage contradicts itself:

· The third column key file specifies the file to use for decrypting the encrypted data of the source device. It can also be a device name (e.g. /dev/urandom, which is useful for encrypted swap devices).

  Warning: luks does not support infinite streams (like /dev/urandom), it requires a fixed size key.

So the first paragraph says "you can use /dev/urandom", and the second says "do NOT use /dev/urandom". Which part is correct? ;-)

(and: please fix the manpage or ask for a bugreport)

Regards,

Christian Boltz
--
I always avoid time travel; it is supposed to be unhealthy somehow.
[Helga Fischer in suse-linux]
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
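
As an added example (not part of either message and not code from the openSUSE project), a small Python check over crypttab-style lines for the two situations discussed in this thread: a swap entry keyed from /dev/random, which was reported above to hang at boot, and the man page's warning about luks combined with a stream device as key. The function names, finding labels and sample entries are constructed for illustration.

```python
# Added example: lint crypttab-style entries for the key-source issues
# raised in this thread. Function names and labels are hypothetical.

STREAM_KEYS = {"/dev/random", "/dev/urandom"}

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# name    device     keyfile       options
cr_md0    /dev/md0   /dev/random   swap
cr_md1    /dev/md1   /dev/urandom  swap
cr_home   /dev/sda3  /dev/urandom  luks
cr_data   /dev/sda4  none          luks
"""

def parse_crypttab(text):
    """Yield (lineno, name, device, keyfile, options) per entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: name and device are required
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        yield lineno, fields[0], fields[1], keyfile, options

def lint(text):
    """Return a list of (lineno, name, finding) tuples."""
    findings = []
    for lineno, name, _device, keyfile, options in parse_crypttab(text):
        # /dev/random as swap key: reported in this thread to leave swap
        # inactive and to hang "boot.crypto start" waiting for entropy.
        if keyfile == "/dev/random" and "swap" in options:
            findings.append((lineno, name, "blocking-key-source"))
        # Man page warning quoted in this thread: luks needs a fixed
        # size key and does not support infinite streams.
        if keyfile in STREAM_KEYS and "luks" in options:
            findings.append((lineno, name, "luks-with-stream-key"))
    return findings

if __name__ == "__main__":
    for lineno, name, finding in lint(SAMPLE):
        print(f"line {lineno}: {name}: {finding}")
```
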