Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964950AbWCTVfG (ORCPT ); Mon, 20 Mar 2006 16:35:06 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964971AbWCTVfF (ORCPT ); Mon, 20 Mar 2006 16:35:05 -0500 Received: from gprs189-60.eurotel.cz ([160.218.189.60]:30374 "EHLO amd.ucw.cz") by vger.kernel.org with ESMTP id S964950AbWCTVfB (ORCPT ); Mon, 20 Mar 2006 16:35:01 -0500 Date: Mon, 20 Mar 2006 22:34:00 +0100 From: Pavel Machek To: "Rafael J. Wysocki" Cc: Alon Bar-Lev , Peter Wainwright , kernel list Subject: Re: Announcing crypto suspend Message-ID: <20060320213400.GI24523@elf.ucw.cz> References: <20060320080439.GA4653@elf.ucw.cz> <200603202126.23861.rjw@sisk.pl> <20060320203507.GF24523@elf.ucw.cz> <200603202222.14634.rjw@sisk.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200603202222.14634.rjw@sisk.pl> X-Warning: Reading this can be dangerous to your mental health. User-Agent: Mutt/1.5.9i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1666 Lines: 40 On Po 20-03-06 22:22:13, Rafael J. Wysocki wrote: > On Monday 20 March 2006 21:35, Pavel Machek wrote: > > On Po 20-03-06 21:26:23, Rafael J. Wysocki wrote: > > > On Monday 20 March 2006 20:11, Alon Bar-Lev wrote: > > > > Rafael J. Wysocki wrote: > > > > > and please read the HOWTO. Unfortunately the RSA-related part hasn't been > > > > > documented yet, but it's pretty straightforward. > > > > > > > > Hello, > > > > > > > > I don't understand why you are working so hard on this... If > > > > you want encryption, you should care about all of your data! > > > > > > I hope you realize there may be sensitive data in the suspend image > > > that are not stored in filesystems (eg. crypto keys, passwords etc.). > > > > If you have your swap partition on encrypted filesystem, that may > > actually work okay. > > Yes, but that's why you may want to encrypt suspend images even if you > don't need to encrypt your filesystems. :-) Of course, agreed. Encrypting filesystem is stupid thing from data-recovery standpoint; and I care about my data; it is also hard to backup. For some uses it is of course neccessary, but it has lots of disadvantages, too. Encrypted swsusp has basically no disadvantages. [I believe we should encrypt swap with random key generated on boot by default. That should be also very cheap, and has no real disadvantages]. Pavel -- Picture of sleeping (Linux) penguin wanted... - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/