Pavel Machek wrote:
> I'd like to retain ability to read suspend image in any order (so that
> code can be reused for swap encryption, etc).
> Pavel
This is not possible with cipher block chaining as used right now. One
would have to use a non-random iv set needs to set for every page. And
this leads to exactly the same problem why dm-crypt now offers the
'essiv' mode. I don't know if a random access feature is worth this
effort as sequential disk access (sequential write, sequential read) is
usally the fastest method anyway.
For regular swap encryption I do hope that the initrd feature of swsup2
will eventually find its way into the mainline kernel. This way you can
have an external key for dm-crypt to access the encrypted swap partition.
dm-crypt thus would guard the system during suspend/poweroff while the
encrypted suspend image guards against data gathering after
resume/reboot (the latter when mkswap is used).
--
Andreas Steinmetz SPAMmers use [email protected]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]