Hi, many thanks for the clarifications. Fedora has a very nice and unobstrusive crypto setup but finding out the technical details involves looking into quite a few places. The http://code.google.com/p/cryptsetup/ pages seems to have plenty of information for a start. > (If you think about coldboot or something similar - dm-crypt provides functions to > temporarily freeze device and empty keys and I also added support for this to cryptsetup. > So the controlled suspend/resume to RAM can ask for LUKS passphrase and unlock master key, > preventing active encryption keys in RAM. that is a really godd idea - is there a howto somewhere? Coldboot is not my main worry but it is certainly good to take reasonable precautions. > If you know about some problem in dm-crypt, just let me know (or write to dm-crypt mailing list). I have some problems with hibernation which look like it might be related to the dm layer but am not totally sure. Unfortunately it is rare enough that I could not catch it with any of the remote debugging methods. I could only email a picture of a stack trace. Richard - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
