Hello Jari (& list members),
"man swapon" says: "If loop=/dev/loop? and encryption=AES128 options are present in /etc/fstab then swapon -a will set up loop devices using random keys..."
I hope this is also true for encryption=AES256 ? Possibly you may want to add this to your great README.
Is there also a way to check that encrypted swap is working? And is it possible to suspend to disk with root encryption?
Further, in your README, at example 7.6, 1-6), is it possible that you forgot to add "with exception that in step 2 you must copy aespipe to /boot/iso "?
In my second last e-mail answered by you, you didn't comment on my question (which I'm reformulating here and in the next paragraph) wheter a non-patched gpg would represent a big weakness.
In your README, you assign security level 1 to "gpg encrypted 'multi-key' key file and/or gpg public+private keys are stored on separate removable USB dongle that is not available to attacker." You also write that "if USB dongle and its key files are available to attacker, security level is equivalent to level 2." By which factor would you say that level 2 is less secure than level 1?
Anyway, as some say that the NSA is always about 10 years ahead of us, what do you believe are the chances that they already found a way to crack your crypto implementation?
Going even further - which ways do exist to set up dual-cipher encryption?
Many thanks,
Christian
P.S. I also want to thank Venkat for his answer.
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
