Dear Carlos, thanks for your answer. Quoting Carlos E. R. (robin.listas@telefonica.net):
I understand that the current trick to encript both root and swap in openSUSE is to use an encripted LVM, and inside put both root and swap. Thus the password is only entered once, when resuming. And of course, the encription for memory in swap is as good as for root, it is phisically the same.
I don't like this method because I don't like LVM much.
Hm. I share your feelings towards LVM. But maybe I will try that nonetheless. I do not like LUKS either, because encrypting a partition and then writing in plain text most of the information how to decrypt it sounds like locking the door and then leaving information about how to obtain the key under the doormat. Nonetheless I already decided to use LUKS, mainly because I did not manage to make things run without.
The passphrase is gone when cryptsetup finishes.
Theoretically it could be kept in /proc/keys, right?
No use when resuming: it will be inside swap which you can not recover till the process knows the password.
Ah, you misunderstood. There's no problem with typing the passphrase for resuming. Problem is the suspend part -- here I would prefer to just have to press *one* key (the laptop's prebuilt function key) for the laptop to shut down. For this suspend to disk in my current setup I need to re-attach the needed swap space to the system, and this re-attachment needs the key. Susan Dittmar -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org