Re: [gentoo-amd64] Re: Using encrypted swap via cryptsetup-luks on amd64

Sat, 21 Oct 2006 22:23:26 -0700 

On Saturday 21 October 2006 23:16, Jason Booth wrote:
> On Saturday 21 October 2006 21:26, Richard Freeman wrote:
> > Duncan wrote:
> > > I'm not running encrypted swap tho I've always thought it'd be nice to
> > > setup /someday/, so I can't help directly.
> >
> > I just run the following script from local.start.  I forget where I
> > found it online.  Obviously change the swapdevice variable!
> >
> > Honestly, my guess is that it is overly paranoid.  You could probably
> > eliminate most of the steps this script takes, but it runs in only a
> > second or two so it isn't a big deal.  I would leave in the bit that
> > zeros the start of the encrypted swap partition - it probably helps to
> > keep mkswap from getting confused.
> >
> > Not sure what the fancy scripts that are being discussed do, but this is
> > plenty good for me, and I'm sure Duncan could get this running in about
> > 15 seconds...
>
> Yeah this script has worked fine for me for like 5 years except for one
> thing:
>
> I can't find which gentoo package contains uuencode(installed
> uucp,uulib,uudeview and googled to no avail).
Nevermind I just found it: sharutils

>
> > #!/bin/sh
> > # Run this script somewhere in your startup scripts _after_ random
> > # number generator has been initialized and /usr has been mounted.
> > # (md5sum, uuencode, tail and head programs usually reside in /usr/bin/)
> >
> > # encrypted swap partition
> > SWAPDEVICE=/dev/hda3
> >
> > # loop device name
> > LOOPDEV=/dev/loop6
> >
> > MD=`dd if=${SWAPDEVICE} bs=4k count=10 2>/dev/null | md5sum`
> > for X in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
> >     dd if=/dev/zero of=${SWAPDEVICE} bs=4k count=10 conv=notrunc
> > 2>/dev/null sync
> > done
> > UR=`dd if=/dev/urandom bs=18 count=1 2>/dev/null \
> >
> >     | uuencode -m - | head -n 2 | tail -n 1`
> >
> > echo ${MD}${UR} | losetup -p 0 -e aes-cbc-256  ${LOOPDEV} ${SWAPDEVICE}
> > MD=
> > UR=
> > dd if=/dev/zero of=${LOOPDEV} bs=4k count=10 conv=notrunc 2>/dev/null
> > sync
> > mkswap ${LOOPDEV}
> > sync
> > swapon ${LOOPDEV}
>
> Thanks,
> Jason
>
> --
>  gpg public key:
> http://lazybird.hyperintelligent.net/~jbooth/jbooth_key.asc

-- 
 gpg public key: http://lazybird.hyperintelligent.net/~jbooth/jbooth_key.asc
-- 
gentoo-amd64@gentoo.org mailing list

Reply via email to