also sprach martin f krafft <[EMAIL PROTECTED]> [2006.08.13.1805 +0100]: > thinking about this some more, maybe this issue can only be solved > if suspend first disables swap and dm-crypt, then suspends to the > raw block device, then after resume restores a new swap with a new > random key.
... in which case the suspend data would not be encrypted, which is BAD. disregard my suggestion. instead, how about dumping the (random) key to the initramfs and encrypting it with a symmetric one determined by the user? or if the swap is encrypted with luks, just add a new key on suspend and remove it after resume. question is how to get that symmetric key from the user... -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system
signature.asc
Description: Digital signature (GPG/PGP)
