On Mon, Dec 24, 2007 at 09:11:17AM -0800, Alan wrote: > > On Mon, Dec 24, 2007 at 03:20:26PM +0530, Amitakhya Phukan wrote: > > > There's little point in that, but it does add more security. Also, you > > should encrypt any swap and, if not encrypting /home, /tmp: > > > > Add to /etc/crypttab: > > 1. cswap /dev/volgroup/swap /dev/urandom swap > > 2. ctmp /dev/volgroup/tmp /dev/urandom tmp > > 3. cvartmp /dev/volgroup/vartmp /dev/urandom tmp > > Does encrypting swap interfere with hibernate or sleep mode on laptops? > (Just asking in case I ever get sleep or hibernate working on my laptop.) Yes. The swap partition is re-created each boot, with a random key, so there's no way to get the old values (needed for resume). If you wish for a encrypted swap allowing suspend, you'll have to place a constant key in crypttab (which isn't secure, unless you also encrypt the root), and check if the resume scripts support that case or manually add it (not trivial). -- lfr 0/0
Attachment:
pgpBrlVZ6DuvF.pgp
Description: PGP signature
