-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2010-10-13 at 10:40 +0200, Susan Dittmar wrote:
Dear Carlos,
thanks for your answer.
Quoting Carlos E. R. ():
I don't like this method because I don't like LVM much.
Hm. I share your feelings towards LVM. But maybe I will try that nonetheless. I do not like LUKS either, because encrypting a partition and then writing in plain text most of the information how to decrypt it sounds like locking the door and then leaving information about how to obtain the key under the doormat. Nonetheless I already decided to use LUKS, mainly because I did not manage to make things run without.
It does not shove the key under the mat, it simply labels outside the manufacturer of the safe. I suppose a good thief knows the make of the safe just by looking at it, doesn't need the label. Plus, remember that this is open source, thus the encription method is published entirely. You don't loose safety by using LUKS, I believe.
The passphrase is gone when cryptsetup finishes.
Theoretically it could be kept in /proc/keys, right?
No use when resuming: it will be inside swap which you can not recover till the process knows the password.
Ah, you misunderstood. There's no problem with typing the passphrase for resuming. Problem is the suspend part -- here I would prefer to just have to press *one* key (the laptop's prebuilt function key) for the laptop to shut down. For this suspend to disk in my current setup I need to re-attach the needed swap space to the system, and this re-attachment needs the key.
No, I did not missunderstood. You want to enter the key just once, and I say that /proc/keys is not available on resume. I will post another idea on another post. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAky1s1wACgkQtTMYHG2NR9Vz1QCeNGJk4GjO4db2VyT6YYg0B3o+ k6IAoJbwWprIuo6nvLVT8Dz92kkqRFbe =C0QY -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org