Hi!
Encrypted swap is working now, however when I first generated the 64 random encryption keys, swap wasn't. So I'm worried if I better create and memorize a new passphrase, or doesn't it matter since I created new 64 keys when I really had encrypted swap working?
Also, is someone aware of howtos or best practices for allowing root encryption and plausible deniability for protecting e.g. against "lead-pipe" attackers or a provisional court order (which later could be sentenced as unlawful)?
What do you think about adding these issues to your README, Jari? (I saw that you already wrote about this at http://www.spinics.net/lists/crypto/msg01063.html)
> Lead-pipe dudes can't demand a password for encrypted swap partition
> because encrypted swap keys are erased at power off or 'swapoff -a'
> time. In other words, your real root partition is disguised as unused
> encrypted swap partition.
But lead-pipe dudes (or legal enforcement dudes) would probably wonder why you have 2 swap partitions, one of them totally oversized and not in use. Isn't it possible to disguise real root as an unformatted partition?
Everyone enjoy their weekend!
Christian
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/