Message-Id: <200707291156.38046.rjw@sisk.pl>
Date:	Sun, 29 Jul 2007 11:56:36 +0200
From:	"Rafael J. Wysocki" <rjw@...k.pl>
To:	Vojtech Pavlik <vojtech@...e.cz>
Cc:	"Dr. David Alan Gilbert" <linux@...blig.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Alan Stern <stern@...land.harvard.edu>,
	Andrew Morton <akpm@...ux-foundation.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	"Huang, Ying" <ying.huang@...el.com>,
	Jeremy Maitin-Shepard <jbms@....edu>,
	Kyle Moffett <mrmacman_g4@....com>,
	Nigel Cunningham <nigel@...el.suspend2.net>,
	Pavel Machek <pavel@....cz>,
	pm list <linux-pm@...ts.linux-foundation.org>, david@...g.hm,
	Al Boldi <a1426z@...ab.com>
Subject: Re: Hibernation considerations

On Sunday, 29 July 2007 08:53, Vojtech Pavlik wrote:
> On Mon, Jul 16, 2007 at 12:38:11AM +0200, Rafael J. Wysocki wrote:
> 
> > > Or the user unplugs their flash drive after hibernation rather than before.
> > > 
> > > Two things which I think would be nice to consider are:
> > >    1) Encryption - I'd actually prefer if my luks device did not
> > >        remember the key across a hibernation; I want to be forced to
> > >        reenter the phrase.  However I don't know what the best thing
> > >        to do to partitions/applications using the luks device is.
> > 
> > Encryption is possible with both the userland hibernation (aka uswsusp) and
> > TuxOnIce (formerly known as suspend2).  Still, I don't consider it as a "must
> > have" feature for a framework to be generally useful (many users don't use it
> > anyway).
> 
> If a user uses an encrypted filesystem, then he also needs an encrypted
> swap and encrypted hibernation image: Otherwise the filesystem encryption
> is not very useful.

I was talking about hibernation image encryption.  Arguably, if the image is
encrypted, you don't need to worry about its contents, including the keys for
other kinds of encryption (eg. fs encryption).
 
> Forgetting the filesystem/swap decryption keys before hibernation is
> probably harder to do - there may be sensitive data in the kernel memory
> image that weren't cleared - even if the key itself is not there.

If the image is encrypted, its contents are not available to anyone
unauthorized and that includes the filesystem/swap decryption keys.

> In my opinion, encrypted hibernation is what every notebook user should
> want - that's the only way how to make sure data from the notebook
> aren't available when the notebook is physically stolen.

Provided that there are any sensitive (to the user or her employer etc.) data
in the notebook.

Greetings,
Rafael
-- 
"Premature optimization is the root of all evil." - Donald Knuth
