Rafael J. Wysocki wrote:
> Hi,
>
> On Monday, 11 of April 2005 19:02, Andreas Steinmetz wrote:
>
>>Rafael J. Wysocki wrote:
>>
>>>Hi,
>>>
>>>On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
>>>
>>>
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
>Hi!
>
>
Rafael J. Wysocki wrote:
Hi,
On Monday, 11 of April 2005 19:02, Andreas Steinmetz wrote:
Rafael J. Wysocki wrote:
Hi,
On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
Hi!
Oliver Neukum wrote:
What is the point in doing
Hi,
On Monday, 11 of April 2005 19:02, Andreas Steinmetz wrote:
> Rafael J. Wysocki wrote:
> > Hi,
> >
> > On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
> >
> >>Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
> >>
> >>>Hi!
> >>>
> >>>
> >Oliver Neukum wrote:
> >
>
Rafael J. Wysocki wrote:
> Hi,
>
> On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
>
>>Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
>>
>>>Hi!
>>>
>>>
>Oliver Neukum wrote:
>
>>What is the point in doing so after they've rested on the disk for ages?
>
>The
Hi,
On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
> Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
> > Hi!
> >
> > > > Oliver Neukum wrote:
> > > > > What is the point in doing so after they've rested on the disk for
> > > > > ages?
> > > >
> > > > The point is not physical
> Andreas is right, his patches are needed.
>
> Currently, if your laptop is stolen after resume, they can still data
> in swsusp image.
Which shows that swsusp is a security risk if you have sensitive data in
RAM. A thief stealing a running computer can get access to memory
contents much more
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
> Hi!
>
> > > Oliver Neukum wrote:
> > > > What is the point in doing so after they've rested on the disk for ages?
> > >
> > > The point is not physical access to the disk but data gathering after
> > > resume or reboot.
> >
> > After
Hi!
> > Encrypting swsusp image is of course even better, because you don't
> > have to write large ammounts of zeros to your disks during resume ;-).
>
> How does zeroing help if they steal the laptop? The data is there, they
> can just pull the hard disk out and mirror it before they boot.
>
Pavel Machek wrote:
> Encrypting swsusp image is of course even better, because you don't
> have to write large ammounts of zeros to your disks during resume ;-).
and while we are at it: compressing before encryption will also reduce
the amount of data you have to write during suspend... ;-)
>
Pavel Machek wrote:
Encrypting swsusp image is of course even better, because you don't
have to write large ammounts of zeros to your disks during resume ;-).
and while we are at it: compressing before encryption will also reduce
the amount of data you have to write during suspend... ;-)
Hi!
Encrypting swsusp image is of course even better, because you don't
have to write large ammounts of zeros to your disks during resume ;-).
How does zeroing help if they steal the laptop? The data is there, they
can just pull the hard disk out and mirror it before they boot.
The
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
Hi!
Oliver Neukum wrote:
What is the point in doing so after they've rested on the disk for ages?
The point is not physical access to the disk but data gathering after
resume or reboot.
After resume or reboot normal
Andreas is right, his patches are needed.
Currently, if your laptop is stolen after resume, they can still data
in swsusp image.
Which shows that swsusp is a security risk if you have sensitive data in
RAM. A thief stealing a running computer can get access to memory
contents much more easy
Hi,
On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
Hi!
Oliver Neukum wrote:
What is the point in doing so after they've rested on the disk for
ages?
The point is not physical access to the disk but data
Rafael J. Wysocki wrote:
Hi,
On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
Hi!
Oliver Neukum wrote:
What is the point in doing so after they've rested on the disk for ages?
The point is not physical access to the disk but
Hi,
On Monday, 11 of April 2005 19:02, Andreas Steinmetz wrote:
Rafael J. Wysocki wrote:
Hi,
On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
Hi!
Oliver Neukum wrote:
What is the point in doing so after they've
On Sun, Apr 10, 2005 at 10:14:55PM +0200, Pavel Machek wrote:
> Hi!
>
> > > Oliver Neukum wrote:
> > > > What is the point in doing so after they've rested on the disk for ages?
> > >
> > > The point is not physical access to the disk but data gathering after
> > > resume or reboot.
> >
> >
Hi!
> > Oliver Neukum wrote:
> > > What is the point in doing so after they've rested on the disk for ages?
> >
> > The point is not physical access to the disk but data gathering after
> > resume or reboot.
>
> After resume or reboot normal access control mechanisms will work
> again. Those
Am Sonntag, 10. April 2005 21:29 schrieb Andreas Steinmetz:
> Oliver Neukum wrote:
> > What is the point in doing so after they've rested on the disk for ages?
>
> The point is not physical access to the disk but data gathering after
> resume or reboot.
After resume or reboot normal access
Pavel Machek wrote:
> Hi!
>
>
>>>Hi! What about doing it right? Encrypt it with symmetric cypher
>>>and store key in suspend header. That way key is removed automagically
>>>while fixing signatures. No need to clear anythink.
>>
>>Good idea. I'll have a look though it will take a while (busy
Oliver Neukum wrote:
> What is the point in doing so after they've rested on the disk for ages?
The point is not physical access to the disk but data gathering after
resume or reboot.
--
Andreas Steinmetz SPAMmers use [EMAIL PROTECTED]
-
To unsubscribe from this list: send
Hi!
> > > > Hi! What about doing it right? Encrypt it with symmetric cypher
> > > > and store key in suspend header. That way key is removed automagically
> > > > while fixing signatures. No need to clear anythink.
>
> You might want to leave the key in the kernel image. You need to boot the
>
> > > Hi! What about doing it right? Encrypt it with symmetric cypher
> > > and store key in suspend header. That way key is removed automagically
> > > while fixing signatures. No need to clear anythink.
You might want to leave the key in the kernel image. You need to boot the
same image
Am Sonntag, 10. April 2005 15:13 schrieb Andreas Steinmetz:
> It may not be desireable to leave swsusp saved pages on disk after
> resume as they may contain sensitive data that was never intended to be
> stored on disk in an way (e.g. in-kernel dm-crypt keys, mlocked pages).
>
> The attached
Hi!
> > Hi! What about doing it right? Encrypt it with symmetric cypher
> > and store key in suspend header. That way key is removed automagically
> > while fixing signatures. No need to clear anythink.
>
> Good idea. I'll have a look though it will take a while (busy with my job).
>
> > OTOH
[reformatted]
Pavel Machek wrote:
> Hi! What about doing it right? Encrypt it with symmetric cypher
> and store key in suspend header. That way key is removed automagically
> while fixing signatures. No need to clear anythink.
Good idea. I'll have a look though it will take a while (busy with my
Hi! What about doing it right? Encrypt it with symmetric cypher and store key
in suspend header. That way key is removed automagically while fixing
signatures. No need to clear anythink. OTOH we may want to dm-crypt whole swap
partition. You could still store key in header... --p
-- pavel.
It may not be desireable to leave swsusp saved pages on disk after
resume as they may contain sensitive data that was never intended to be
stored on disk in an way (e.g. in-kernel dm-crypt keys, mlocked pages).
The attached simple patch against 2.6.11.2 should fix this by zeroing
the swap pages
It may not be desireable to leave swsusp saved pages on disk after
resume as they may contain sensitive data that was never intended to be
stored on disk in an way (e.g. in-kernel dm-crypt keys, mlocked pages).
The attached simple patch against 2.6.11.2 should fix this by zeroing
the swap pages
Hi! What about doing it right? Encrypt it with symmetric cypher and store key
in suspend header. That way key is removed automagically while fixing
signatures. No need to clear anythink. OTOH we may want to dm-crypt whole swap
partition. You could still store key in header... --p
-- pavel.
[reformatted]
Pavel Machek wrote:
Hi! What about doing it right? Encrypt it with symmetric cypher
and store key in suspend header. That way key is removed automagically
while fixing signatures. No need to clear anythink.
Good idea. I'll have a look though it will take a while (busy with my
Hi!
Hi! What about doing it right? Encrypt it with symmetric cypher
and store key in suspend header. That way key is removed automagically
while fixing signatures. No need to clear anythink.
Good idea. I'll have a look though it will take a while (busy with my job).
OTOH we may want
Am Sonntag, 10. April 2005 15:13 schrieb Andreas Steinmetz:
It may not be desireable to leave swsusp saved pages on disk after
resume as they may contain sensitive data that was never intended to be
stored on disk in an way (e.g. in-kernel dm-crypt keys, mlocked pages).
The attached simple
Hi! What about doing it right? Encrypt it with symmetric cypher
and store key in suspend header. That way key is removed automagically
while fixing signatures. No need to clear anythink.
You might want to leave the key in the kernel image. You need to boot the
same image anyway. Leaving
Hi!
Hi! What about doing it right? Encrypt it with symmetric cypher
and store key in suspend header. That way key is removed automagically
while fixing signatures. No need to clear anythink.
You might want to leave the key in the kernel image. You need to boot the
same image
Oliver Neukum wrote:
What is the point in doing so after they've rested on the disk for ages?
The point is not physical access to the disk but data gathering after
resume or reboot.
--
Andreas Steinmetz SPAMmers use [EMAIL PROTECTED]
-
To unsubscribe from this list: send
Pavel Machek wrote:
Hi!
Hi! What about doing it right? Encrypt it with symmetric cypher
and store key in suspend header. That way key is removed automagically
while fixing signatures. No need to clear anythink.
Good idea. I'll have a look though it will take a while (busy with my job).
Am Sonntag, 10. April 2005 21:29 schrieb Andreas Steinmetz:
Oliver Neukum wrote:
What is the point in doing so after they've rested on the disk for ages?
The point is not physical access to the disk but data gathering after
resume or reboot.
After resume or reboot normal access control
Hi!
Oliver Neukum wrote:
What is the point in doing so after they've rested on the disk for ages?
The point is not physical access to the disk but data gathering after
resume or reboot.
After resume or reboot normal access control mechanisms will work
again. Those who can read a
On Sun, Apr 10, 2005 at 10:14:55PM +0200, Pavel Machek wrote:
Hi!
Oliver Neukum wrote:
What is the point in doing so after they've rested on the disk for ages?
The point is not physical access to the disk but data gathering after
resume or reboot.
After resume or reboot
40 matches
Mail list logo