On Thu, 2004-02-26 at 19:37, Jari Ruusu wrote: > > ..but I didn't really understand if this means that it is "recommended" > > or safe to use an encrypted version of software suspend now, or if this > > is still hazardous. I saw some notes of scepticism among linux kernel > > developers. > Here compatible means that unencrypted loop devices do not livelock during > suspend to disk. If there are encrypted loops active when suspending to > disk, encryption keys will get written to disk when kernel RAM is saved to > suspend partition, therefore completely voiding security of those keys. Jari, I forgot to ask for your comments on the approach on this site I found on Google: http://perso.wanadoo.fr/pascal.brisset/initrd-swsusp/ I guess it's a pretty clear signal in the opposite direction if the Linux kernel developers are against it, but as suspend obviously could be a useful feature (making an encrypted system equal in use to a regular one), I'm wondering if you think it could be done like this, or know of other projects that will get us there in time? --lars - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
