Re: cryptsetup support for dm-crypt suspend/resume

Martin Milata wrote:
> Would it be possible to have e.g. luksSuspend and luksResume commands in
> cryptsetup, where luksSuspend would equal running "dmsetup suspend dev;
> dmsetup message dev 0 key wipe" (i.e. not really dependent on luks) and
> luksResume would get the password from user, decrypt the key in header
> and do equivalent of "dmsetup message dev 0 key set key; dmsetup resume
> dev"; and use luksSuspend before suspend-to-ram and luksResume after the
> wakeup?

Yes, I plan to add this; you can track this issue here:
http://code.google.com/p/cryptsetup/issues/detail?id=3

> Does such a feature make sense or wouldn't it increase security of the
> partition in question at all?

Depends on the situation; after the key wipe there should be no
volume key in memory, but memory can still contain unencrypted data...

> If it's not total nonsense and none of the developers would like to
> implement it himself, I'm willing to try to write a patch for
> cryptsetup.

It should be easy to implement, but my priority now is to prepare the new libcryptsetup
API (it will appear in svn soon), and the implementation of these new features will follow
on top of this new API. The old API remains in its current state without
new features added, just to retain compatibility, so implementing anything new
using it is a waste of time for now :-)

Milan
--
mbroz@xxxxxxxxxx

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
