On Thu, Jan 10, 2008 at 11:56:33PM +0900, Msquared wrote: > I know this thread is aging a bit, but I thought I'd post some comments, > and link to an article I just put online: > > http://www.msquared.id.au/articles/cryptroot/ Why does it require javascript? > > > Then add it to /etc/crypttab: > > chome /dev/volgroup/home none > > With my article, you don't need anything in crypttab (including keys or > other sensitive information). I didn't see anything on that page that specified to the system to mount the encrypted home on boot. > On Mon, Dec 24, 2007 at 09:11:17AM -0800, Alan wrote: > > > Does encrypting swap interfere with hibernate or sleep mode on laptops? > > (Just asking in case I ever get sleep or hibernate working on my > > laptop.) > > On Mon, Dec 24, 2007 at 05:43:10PM +0000, Luciano Rocha wrote: > > > If you wish for a encrypted swap allowing suspend, you'll have to place > > a constant key in crypttab (which isn't secure, unless you also encrypt > > the root), and check if the resume scripts support that case or manually > > add it (not trivial). > > If you encrypt the swap itself using a random key each boot, you will have > problems. If you use a constant key in crypttab, then you don't have any > security unless the crypttab itself (or rather, the filesystem that > contains it) is also encrypted. Yes, I did mention just that. > If you use the method used in my article above, you should be able to > hibernate and resume without any problems Using LUKS for swap? It's an interesting idea, but I'd still like to nuke the contents of the swap on new boot. > I've tried and it worked for me, even with a dual-boot. In fact, I was > able to sleep Windows and resume Linux and vice versa for a much faster > way to switch from Windows to Linux (and vice versa). Of course, my > Windows partition isn't encrypted, but I don't use Windows as much. More information about the subject is always welcome. The ideal thing would be for upstream support for the most usual methods mentioned (including during install). -- lfr 0/0
Attachment:
pgpFhCig74eQn.pgp
Description: PGP signature
