-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 8/30/19 1:00 PM, Carlos E. R. wrote:
That makes me wonder about the benefits of the random key. If you are using encrypted swap, you probably are also using encrypted root and data partitions.
That's not necessarily true. Before I retired, I had a work computer that I wanted to be able to boot/reboot unattended. That means that an encryption key cannot be provided during boot. I set it up to use an encrypted home directory (with "ecryptfs"). But ecryptfs can use swap, so I also used randomly encrypted swap. It worked pretty well. I did not need to be there for it to be booted. But, of course, I was there if I logged into it, so I could handle crypto for the HOME directory. Actually, I could do that via ssh and a command line login. I made sure that "$HOME/.ssh" was available whether or not the home directory was decrypted. I logged in with ssh and public key authentication. Then I used "ecryptfs-mount-private" to make the encrypted home directory visible, providing the login key of the ssh session. -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEv7/MJoKYXv2p0PaIZJcsjNEnCIUFAl1pva4ACgkQZJcsjNEn CIVHBAf+KLWeWQJOqFAfXTKNlaxK8znFu6h/DmGfSqb8rH7aQ7Cxh9AF/cM4f4FF 0cSWZp+d8pM8yMA7chlXk3mRXwgqj3qegFPg/G5LxEWfGQ9NirMCLdL0ZoL8esbY RynPIEZbocjIotrtjmdSil24eRVVHPs6OimgzpFEyUTxZ5LgTqb8VADUA7DXdhOo 5n9nXDACgKs0+6uGYsgO7P2B6H+jaMp/SdiqPOlTpg6SyYQkoCkHbt9e22JL0I2r LSK+jlryHc5gUBK9cu4Owf4kXK7orqBYCbA7dgDFQhkk49qNoDq90yYZi/SrcSz9 hUnQWArEBNscZFH39vZlx2yKPITjuA== =gXuK -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org