Christian wrote:
> "man swapon" says: "If loop=/dev/loop? and encryption=AES128 options are
> present in /etc/fstab then swapon -a will set up loop devices using
> random keys..."
>
> I hope this is also true for encryption=AES256? Possibly you may want
> to add this to your great README.

Of course it works with encryption=AES256.

> Is there also a way to check that encrypted swap is working?

The "cat /proc/swaps" command should show one or more lines starting with the /dev/loop string.

> And is it possible to suspend to disk with root encryption?

I don't recommend suspend when there are encryption keys in kernel RAM.

> Further, in your README, at example 7.6, 1-6), is it possible that you
> forgot to add "with exception that in step 2 you must copy aespipe to
> /boot/iso"?

aespipe needs to be in /boot, not in /boot/iso.

> In my second last e-mail answered by you, you didn't comment on my
> question (which I'm reformulating here and in the next paragraph) whether
> a non-patched gpg would represent a big weakness.
>
> In your README, you assign security level 1 to "gpg encrypted
> 'multi-key' key file and/or gpg public+private keys are stored on
> separate removable USB dongle that is not available to attacker." You
> also write that "if USB dongle and its key files are available to
> attacker, security level is equivalent to level 2." By which factor
> would you say that level 2 is less secure than level 1?

The human-memorizable passphrase that protects the key file is the weakest part. If the attacker does not have that file, then that weakness is eliminated.

--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
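The "look at /proc/swaps" check from the reply above, turned into a script. This is an added example, not code from the thread or from the loop-AES README: it reads a file in /proc/swaps format and succeeds only if every active swap area is backed by a /dev/loop device, which is what a correctly set up loop=/dev/loop?,encryption=AES256 swap entry produces. The sample /proc/swaps contents are constructed for offline use, and the fstab line shown in the comment is only the shape implied by the quoted swapon man page, not a line taken from any real system.

```shell
#!/bin/sh
# Added example (not from the original e-mail or the loop-AES README).
# Checks that all active swap is on loop devices, i.e. that swapon -a
# really set up encrypted loop swap from an /etc/fstab entry shaped like
# (assumed form, based on the man page quoted in the thread):
#   /dev/hda6  none  swap  sw,loop=/dev/loop5,encryption=AES256  0 0

# all_swap_on_loop FILE
#   FILE is a /proc/swaps-style file (default: /proc/swaps).
#   Returns 0 if every swap entry is a /dev/loop* device.
#   Returns 1 if no swap is active or any entry is a plain device/file
#   (that one is reported on stderr), since that swap is unencrypted.
all_swap_on_loop() {
    file="${1:-/proc/swaps}"
    # First line is the column header; column 1 is the device or file.
    entries=$(tail -n +2 "$file" | awk 'NF > 0 { print $1 }')
    [ -n "$entries" ] || { echo "no active swap" >&2; return 1; }
    for dev in $entries; do
        case "$dev" in
            /dev/loop*) ;;
            *) echo "unencrypted swap area: $dev" >&2; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample files (not real kernel output), for running offline.
SAMPLE_DIR="${TMPDIR:-/tmp}"
make_samples() {
    cat > "$SAMPLE_DIR/swaps_ok.txt" <<'EOF'
Filename				Type		Size	Used	Priority
/dev/loop5                              partition	262136	0	-1
EOF
    cat > "$SAMPLE_DIR/swaps_bad.txt" <<'EOF'
Filename				Type		Size	Used	Priority
/dev/loop5                              partition	262136	0	-1
/dev/hda6                               partition	131064	0	-2
EOF
}

# Usage on a live system: all_swap_on_loop && echo "all swap is on loop devices"
```

Run it without arguments on the real machine after swapon -a; a plain partition appearing in the list means that swap area is being written in the clear, regardless of what /etc/fstab says for the others.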