Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261880AbUC0Vkl (ORCPT ); Sat, 27 Mar 2004 16:40:41 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261884AbUC0Vkl (ORCPT ); Sat, 27 Mar 2004 16:40:41 -0500 Received: from 69-150-147-130.ded.swbell.net ([69.150.147.130]:5790 "HELO arumekun.no-ip.com") by vger.kernel.org with SMTP id S261880AbUC0Vkk (ORCPT ); Sat, 27 Mar 2004 16:40:40 -0500 From: Luke-Jr To: swsusp-devel@lists.sourceforge.net Subject: Re: Paranoia is fun [Was Re: -nice tree [was Re: [Swsusp-devel] Re: swsusp problems [was Re: Your opinion on the merge?]]] Date: Sat, 27 Mar 2004 21:40:33 +0000 User-Agent: KMail/1.6.1 Cc: "Michael Frank" , "Micha Feigin" , "Linux Kernel Mailing List" References: <20040323233228.GK364@elf.ucw.cz> <200403272003.35410.luke-jr@artcena.com> In-Reply-To: MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200403272140.33356.luke-jr@artcena.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1167 Lines: 22 On Saturday 27 March 2004 09:01 pm, Michael Frank wrote: > ... so one really would not want to put the key there. Right. > > Each and every shortcut is unsafe as it somwhere has to store the > full key and could be reverse engineered and broken "easily" > relative to breaking the key. If the key is based on hardware details that only root can obtain, it would require at least having the time to boot the victim computer into another OS to create the key. If the key is also dependant on details of the running kernel, it could be even harder to crack it. Password-based encryption might be wanted for certain cases, but I think most cases would do fine to prevent the image from being used for anything except restoring on the original system. That way, it would be significantly more difficult for someone to gain access to the memory that could be used for other encrypted things (such as GPG key generation). - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/