----- Forwarded message from Tuomo Valkonen <[EMAIL PROTECTED]> -----
Date: Sun, 22 Jan 2006 19:16:30 +0200
From: Tuomo Valkonen <[EMAIL PROTECTED]>
Subject: Re: cryptsetup: should check swap partition type
To: Jonas Meurer <[EMAIL PROTECTED]>

On 2006-01-22 17:05 +0100, Jonas Meurer wrote:
> You mean, that the device should be checked with 'fdisk -l', and only if
> the partition is type 'swap', cryptsetup and mkswap should be run over
> it?

Well, I'd like some way of ensuring that important data is not
accidentally overwritten by swap setup on boot. Normal swap areas have
a signature indicating that they're swap, and so the system won't use
something that hasn't been prepared as swap as swap. But encrypted swap
areas are usually created with a one-time random key, so the existence
of such a signature from previous initialisation can't be checked.

The partition table and fdisk provide a quick&dirty check that a
partition is intended to be used as swap, and thus it is rather safe to
create swap on it, but of course it isn't generally applicable. A better
option might be to include a signature on the device outside the
encrypted area (could perhaps be hacked with cryptsetup's -o option, and
a test on the contents of the first block of the device), although for
systems that have encrypted root disks and uninformative partition
tables, it might degrade security.

-- 
Tuomo

----- End forwarded message -----
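The signature-outside-the-encrypted-area idea from the message above, sketched as an added example that is not part of the original message or of cryptsetup's scripts. The marker string, the 4096-byte reserved block, the `RUN` dry-run switch and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a plaintext marker in the first block of the device, outside
# the encrypted area, gates the boot-time swap setup.
# MARKER, RESERVED and the function names are assumptions, not cryptsetup's.
MARKER="CRYPTSWAP-OK"   # hypothetical signature string
RESERVED=4096           # bytes left unencrypted at the start of the device
RUN=${RUN-echo}         # dry run by default; RUN= (empty) executes, as root

hex() { od -An -tx1 | tr -d ' \n'; }   # binary-safe comparison form

# Run once, by hand, when the device is dedicated to swap.
write_marker() {
    dd if=/dev/zero of="$1" bs="$RESERVED" count=1 conv=notrunc 2>/dev/null &&
    printf '%s' "$MARKER" | dd of="$1" conv=notrunc 2>/dev/null
}

# True only if the device begins with the marker.
has_marker() {
    want=$(printf '%s' "$MARKER" | hex)
    got=$(dd if="$1" bs=1 count="${#MARKER}" 2>/dev/null | hex)
    [ "$got" = "$want" ]
}

# Boot-time step: refuse to touch a device that was never marked.
setup_crypt_swap() {
    dev=$1 name=$2
    if ! has_marker "$dev"; then
        echo "refusing: $dev carries no swap marker, leaving it untouched" >&2
        return 1
    fi
    # --offset (-o) counts 512-byte sectors: the mapping starts after the
    # reserved block, so mkswap never overwrites the marker.
    $RUN cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom --offset "$((RESERVED / 512))" "$dev" "$name" &&
    $RUN mkswap "/dev/mapper/$name" &&
    $RUN swapon "/dev/mapper/$name"
}
```

The marker is readable without any key, which is the trade-off the message raises for systems with otherwise uninformative partition tables.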

