[Pkg-cryptsetup-devel] uswsusp and cryptoswap
Jonas Meurer
jonas at freesources.org
Thu Jun 14 00:04:42 UTC 2007
On 13/06/2007 Helmut Grohne wrote:
> Hi,
Hey Helmut,
could you resend this email as a wishlist bugreport against cryptsetup?
The tool 'reportbug' is very useful for that. See http://bugs.debian.org
for more information.
The advantage of bugreports is, that they don't get lost.
thanks,
jonas
> I tried to use luks to encrypt swapspace for uswsusp, because this will
> also encrypt normal swapping activity and not only hibernation. After
> reading and experimenting with cryptsetup's initramfs hooks I found some
> things:
>
> The initramfs tries to limit the rate at which passwords can be entered
> by invoking sleep 3 on failures. I generally appreciate this behaviour,
> but in this case it would be cool if there was an easy way to disable
> this feature (easy means not editing files under /usr).
>
> In contrast to this high security the initramfs proposes normal booting
> after several password failures. I don't see any advantage in this
> behaviour. Assuming the user doesn't use cryptoroot this leads to an
> easier way to get a running system as an attacker. If one really does
> not want to resume there is an easier way than pressing enter all the
> time: append noresume to kernel command line. This also has the
> advantage, that a boot loader can be configured not to accept these
> modifications without a password. I therefore suggest asking for
> passwords until it is valid or a configurable behaviour.
>
> Otherwise uswsusp seems to work great with cryptsetup and luks (i.e.
> roughly out of the box with some googling, documentation would be
> great). (Actually I only tried in qemu yet. ;-)
>
> Please cc me on replies as I'm not on the list.
More information about the Pkg-cryptsetup-devel
mailing list