<quote name="Charles Curley" date="Thu, 24 Jun 2010 at 12:48 -0600">
> On Thu, 24 Jun 2010 11:26:57 -0600
> Shane Hathaway <[email protected]> wrote:
> > It sounds like you're using hibernation with an encrypted swap
> > device. Is that even possible? ;-) Has it worked before?
>
> I have no idea. Considering the security implications of running
> without an encrypted swap partition, I hope so.

Indeed.

> But for serious security concerns (while going through the Terminally
> Stupid Agency's line to get fondled, riding in NYC taxis, e.g.), shut
> the thing down completely. If you have an encrypted swap area or
> encrypted file system(s), remember that those are mounted during the
> suspension or hibernation, so if bad guys can get the machine up from
> suspension or hibernation, they have bypassed your encryption.

Precisely, as HHH has addressed.

> With that in mind, maybe I should get rid of the encryption in the
> swap partition?

Whatever for? This makes it more secure how?

Here's what I would do if I were really worried about my memory and my data while travelling and also worried about using hibernate. Use cryptswap! Swap may not always have useful stuff in it, and it probably doesn't get keystrokes to your pgp keys, but it has other things like keys for filesystem encryption, ESPECIALLY if you hibernate. Hibernation pushes ALL memory to the disk. So ANYTHING related to actively decrypting any mounted filesystem or a currently unlocked pgp key (it has to have a copy of the unlocked version in memory to USE the key) WILL get pushed to disk, so yes, you better have it on an encrypted swap.

Then, I would get one of those teeny tiny usb flash drives, put the key for the cryptswap on it. I am sure there HAS to be a way to configure initrd to read the cryptswap key off of the usb drive, though I've never done it. Then, when you hibernate, simply pull out the usb drive and put it somewhere separate from your laptop, like, in a filling. ;) Or maybe just a pocket. Then you could not resume from hibernate without the drive, with the encryption key, in the laptop.

As far as not using hibernate when you travel, we as humans are fallible. If you use hibernate at all, and you're worried about this stuff, then that is not a good approach. You could have used your laptop Tuesday, hibernated it that night. Not used it at all on Wednesday, then packed it up for the airport on Thursday. You also were lucky enough to remember that it was hibernated, but you're running late, and don't have time to resume and shut down again... you get the idea. You can pull out a usb drive when you're running late.

> However, hibernation
> writes a memory image to a swap partition, where bad guys can recover
> it.

Not if it's encrypted, and you've secured the key as I described or password protect the cryptswap resume (this is possible, right?).

> Suspension does not, so it leaves one less thing around for the bad
> guys to recover.
> http://www.charlescurley.com/blog/archives/2009/12/05/how_to_secure_your_laptop_before_crossing_the_border/index.html

Someone else mentioned this is not true. It is however much more involved to get stuff off of volatile memory than to read a stable swap. But also it is entirely possible that there is sensitive stuff in swap anyway... Just use cryptswap, and employ a method of making the cryptswap unavailable without a password or a detachable device.

I also sure hope that when you boot on a configured cryptswap, that the OS doesn't 'know' some static key to the encryption and enable the swap the same way each time... obviously it would have to for hibernate, which is why I would have it 'know' that key on a separate device, or have it be password protected. But for a cold boot, say someone presses the power, waits until initrd is done setting up the cryptswap, then interrupts and freezes the ram and recovers the key to cryptswap, and then recovers the swap from last time you shut down... no, it won't be clean!! I really don't know how it works though, so I'd be interested if someone can shed some light on it. New random encryption key on cryptswap for each boot would be the way it should be.

Von Fugal
--
Don't believe everything you think.
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
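The distinction the message above draws between a fresh random swap key on every boot and a static key kept on a removable device or behind a password can be audited from the four-field crypttab(5) layout. The following Python is an added example, not part of the original message or thread; the mapping names, device paths and keyfile path in the sample are constructed placeholders.

```python
# Added example: classify each crypttab(5) mapping by where its key comes from.
# Layout assumed: name  device  keyfile  options (last two fields optional).

RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}


def classify_entry(line):
    """Parse one crypttab line; return (name, key_kind, options) or None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None  # blank line or comment
    if len(fields) < 2:
        raise ValueError("crypttab entry needs at least name and device: %r" % line)
    name = fields[0]
    key = fields[2] if len(fields) > 2 else "none"
    options = set(fields[3].split(",")) if len(fields) > 3 else set()
    if key in RANDOM_SOURCES:
        kind = "ephemeral"    # new random key each boot, never stored
    elif key in ("none", "-"):
        kind = "passphrase"   # typed in at boot or resume
    else:
        kind = "keyfile"      # static key; safety depends on where the file lives
    return name, kind, options


def audit(crypttab_text):
    """Return {mapping: {"key", "swap", "key_survives_reboot"}}."""
    findings = {}
    for line in crypttab_text.splitlines():
        entry = classify_entry(line)
        if entry is None:
            continue
        name, kind, options = entry
        findings[name] = {
            "key": kind,
            "swap": "swap" in options,
            # An ephemeral key is gone after power-off: old swap contents are
            # unreadable, and a hibernation image could not be resumed either.
            "key_survives_reboot": kind != "ephemeral",
        }
    return findings


# Constructed sample; device and keyfile paths are placeholders.
SAMPLE = """\
# name            device     keyfile                  options
cryptswap_random  /dev/sdX2  /dev/urandom             swap,cipher=aes-xts-plain64,size=256
cryptswap_usbkey  /dev/sdX3  /media/usbkey/swap.key   luks
cryptswap_pass    /dev/sdX4  none                     luks
"""

if __name__ == "__main__":
    for mapping, finding in audit(SAMPLE).items():
        print(mapping, finding)
```

A mapping reported as `keyfile` still needs a manual check that the path is on a removable device and not on the laptop's own disk.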
