Re: Encrypting a partition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 24, 2007 at 09:11:17AM -0800, Alan wrote:
> > On Mon, Dec 24, 2007 at 03:20:26PM +0530, Amitakhya Phukan wrote:
> 
> > There's little point in that, but it does add more security. Also, you
> > should encrypt any swap and, if not encrypting /home, /tmp:
> >
> > Add to /etc/crypttab:
> > 1. cswap /dev/volgroup/swap /dev/urandom swap
> > 2. ctmp /dev/volgroup/tmp /dev/urandom tmp
> > 3. cvartmp /dev/volgroup/vartmp /dev/urandom tmp
> 
> Does encrypting swap interfere with hibernate or sleep mode on laptops? 
> (Just asking in case I ever get sleep or hibernate working on my laptop.)

Yes. The swap partition is re-created each boot, with a random key, so
there's no way to get the old values (needed for resume).

If you wish for a encrypted swap allowing suspend, you'll have to place
a constant key in crypttab (which isn't secure, unless you also encrypt
the root), and check if the resume scripts support that case or manually
add it (not trivial).

-- 
lfr
0/0

Attachment: pgpBrlVZ6DuvF.pgp
Description: PGP signature


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux