Bug#382280: [Pkg-cryptsetup-devel] Bug#382280: maybe user-space?

David Härdeman david at 2gen.com
Tue Aug 15 13:44:08 UTC 2006


On Sun, August 13, 2006 19:45, martin f krafft said:
> also sprach martin f krafft <madduck at debian.org> [2006.08.13.1805 +0100]:
>> thinking about this some more, maybe this issue can only be solved
>> if suspend first disables swap and dm-crypt, then suspends to the
>> raw block device, then after resume restores a new swap with a new
>> random key.
>
> ... in which case the suspend data would not be encrypted, which is
> BAD. disregard my suggestion.
>
> instead, how about dumping the (random) key to the initramfs and
> encrypting it with a symmetric one determined by the user? or if the
> swap is encrypted with luks, just add a new key on suspend and
> remove it after resume.
>
> question is how to get that symmetric key from the user...

Actually, getting a symmetric key from the user is much like setting up
the swap partition not to use a random key in the first place.

I think the solution would be simply to document that swap-with-random-key
and swsusp is not a supported combination and recommend that users use a
static key for their swap partitions if they want to use swsusp.

I still have to add resume partition enabling to the cryptsetup initramfs
scripts though.

Regards,
David
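
A check for the combination discussed above, as an added example that is not part of the original message or of the cryptsetup package: it scans crypttab-style text for swap mappings keyed from /dev/urandom or /dev/random and reports whether the kernel's resume= parameter points at one of them. The sample entries, device names, key path and function names are constructed for illustration.

```python
# Added example: flag crypttab swap mappings that use a random key, and note
# whether the kernel is configured to resume from one of them.
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}

# Constructed sample input (device names and key path are illustrative).
SAMPLE_CRYPTTAB = """\
# <target> <source>  <key file>          <options>
cswap     /dev/sda2  /dev/urandom        swap,cipher=aes-cbc-essiv:sha256
cswap2    /dev/sdb2  /etc/keys/swap.key  swap
croot     /dev/sda3  none                luks
"""
SAMPLE_CMDLINE = "root=/dev/mapper/croot ro resume=/dev/mapper/cswap quiet"

def parse_crypttab(text):
    """Yield (target, source, keyfile, options) for each crypttab entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        yield fields[0], fields[1], keyfile, options

def resume_device(cmdline):
    """Return the value of the resume= kernel parameter, or None."""
    for arg in cmdline.split():
        if arg.startswith("resume="):
            return arg[len("resume="):]
    return None

def random_key_swaps(crypttab_text, cmdline):
    """Return [(target, is_resume_device)] for every random-key swap mapping."""
    # resume= values given as UUID= or LABEL= are not resolved here; only a
    # literal /dev/mapper/<target> or the underlying source device matches.
    resume = resume_device(cmdline)
    findings = []
    for target, source, keyfile, options in parse_crypttab(crypttab_text):
        if "swap" in options and keyfile in RANDOM_KEYS:
            is_resume = resume in ("/dev/mapper/" + target, source)
            findings.append((target, is_resume))
    return findings

if __name__ == "__main__":
    for target, is_resume in random_key_swaps(SAMPLE_CRYPTTAB, SAMPLE_CMDLINE):
        print(f"{target}: random key, resume device: {is_resume}")
```

A mapping reported with `True` is the unsupported case: the random key is gone after power-off, so a suspend image written to that swap cannot be read back on resume.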




