Tim: >> Suspend does it to RAM. So your computer needs (minimal) power >> continuously available to it, to keep what it's stuffed into memory. >> If the memory is lost, then the next boot will be a cold boot. Linux Tyro: > But without intentionally deleting memory, how could it be lost except > for the case that power has gone and I am not using UPS....Cold boot > simply means that it doesn't need credentials to log-on? Your power fails, your laptop battery goes flat, your laptop goes into a power save mode that's inadequate for keeping the RAM contents intact... I've always wondered about the last one, since computers use dynamic RAM, these days, you can't just keep supplying power to the RAM, it needs constantly refreshing. > But still how thief can log-in when I have encrypted password, > password necessary to boot in, disabled booting via CD-rom, disabled > booting via usb. Still chances are there that the thief can crack in ? With a cold boot, a thief would have to break all your encryption before they could attempt to hack in. They've got to get it to boot, before they can hack it. With a resume, the drive is already mounted to the system in an un-encrypted manner, just there's no currently logged in user. That's the state that a hibernated/suspended machine will resume to (running, but keyboard/mouse locked out until you login). They've only got to manage to log in. If you've left servers running, there may be one that's vulnerable to a hack. If you've left a mail client running, it may be spewing your password straight out the network port, every few minutes. Of course, if you have a computer that auto-logs you in without you entering any password, or you have suspend/hibernate not lock access away during the suspend/hibernate process, a resume/boot-up will let anybody straight in unchallenged. > >> Some sort of hardware token, such as a key that must be inserted >> while booting, but is kept separate from the computer, is the >> simplest way to avoid that problem. > > This I didn't understand how to achieve, but thanks for the above > explanation. You're welcome, and I don't have a ready answer for how one might go about doing it. But it's the kind of thing you'd have to do (making booting and resuming dependent on something that you kept separate from the laptop). > -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
