On 08.09.2012, Arno Wagner wrote:

> Swap can be encrypted with a one-time passphrase. This is more
> secure than a constant passphrase. It can also be done
> non-interactively. The (slight) security decrease when encrypting
> swap with a static passphrase is that in the future you may still
> find stuff in there if the passphrase gets compromised.

When the passphrase gets compromised, it'll be of no relevance what
somebody will find inside the unencrypted swap. All swap content is
derived from data of the system itself, which then also will be
compromised. At least if a global passphrase is used.

If every partition on a system has its own unique passphrase,
nobody would attack swap space in the first place. There's more to get
by attacking the user's /home or the root partition.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt