Rafael J. Wysocki wrote:
> Hi,
>
> On Monday, 11 of April 2005 19:02, Andreas Steinmetz wrote:
>
>>Rafael J. Wysocki wrote:
>>
>>>Hi,
>>>
>>>On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
>>>
>>>
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
>Hi!
>
>
>>
Hi,
On Monday, 11 of April 2005 19:02, Andreas Steinmetz wrote:
> Rafael J. Wysocki wrote:
> > Hi,
> >
> > On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
> >
> >>Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
> >>
> >>>Hi!
> >>>
> >>>
> >Oliver Neukum wrote:
> >
> >>
Rafael J. Wysocki wrote:
> Hi,
>
> On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
>
>>Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
>>
>>>Hi!
>>>
>>>
>Oliver Neukum wrote:
>
>>What is the point in doing so after they've rested on the disk for ages?
>
>The poi
Hi,
On Monday, 11 of April 2005 12:37, Oliver Neukum wrote:
> Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
> > Hi!
> >
> > > > Oliver Neukum wrote:
> > > > > What is the point in doing so after they've rested on the disk for
> > > > > ages?
> > > >
> > > > The point is not physical ac
> Andreas is right, his patches are needed.
>
> Currently, if your laptop is stolen after resume, they can still data
> in swsusp image.
Which shows that swsusp is a security risk if you have sensitive data in
RAM. A thief stealing a running computer can get access to memory
contents much more ea
Am Sonntag, 10. April 2005 22:14 schrieb Pavel Machek:
> Hi!
>
> > > Oliver Neukum wrote:
> > > > What is the point in doing so after they've rested on the disk for ages?
> > >
> > > The point is not physical access to the disk but data gathering after
> > > resume or reboot.
> >
> > After resum
Hi!
> > Encrypting swsusp image is of course even better, because you don't
> > have to write large ammounts of zeros to your disks during resume ;-).
>
> How does zeroing help if they steal the laptop? The data is there, they
> can just pull the hard disk out and mirror it before they boot.
>
Pavel Machek wrote:
> Encrypting swsusp image is of course even better, because you don't
> have to write large ammounts of zeros to your disks during resume ;-).
and while we are at it: compressing before encryption will also reduce
the amount of data you have to write during suspend... ;-)
>
On Sun, Apr 10, 2005 at 10:14:55PM +0200, Pavel Machek wrote:
> Hi!
>
> > > Oliver Neukum wrote:
> > > > What is the point in doing so after they've rested on the disk for ages?
> > >
> > > The point is not physical access to the disk but data gathering after
> > > resume or reboot.
> >
> > Afte
Hi!
> > Oliver Neukum wrote:
> > > What is the point in doing so after they've rested on the disk for ages?
> >
> > The point is not physical access to the disk but data gathering after
> > resume or reboot.
>
> After resume or reboot normal access control mechanisms will work
> again. Those who
Am Sonntag, 10. April 2005 21:29 schrieb Andreas Steinmetz:
> Oliver Neukum wrote:
> > What is the point in doing so after they've rested on the disk for ages?
>
> The point is not physical access to the disk but data gathering after
> resume or reboot.
After resume or reboot normal access contro
Pavel Machek wrote:
> Hi!
>
>
>>>Hi! What about doing it right? Encrypt it with symmetric cypher
>>>and store key in suspend header. That way key is removed automagically
>>>while fixing signatures. No need to clear anythink.
>>
>>Good idea. I'll have a look though it will take a while (busy with
Oliver Neukum wrote:
> What is the point in doing so after they've rested on the disk for ages?
The point is not physical access to the disk but data gathering after
resume or reboot.
--
Andreas Steinmetz SPAMmers use [EMAIL PROTECTED]
-
To unsubscribe from this list: send t
Hi!
> > > > Hi! What about doing it right? Encrypt it with symmetric cypher
> > > > and store key in suspend header. That way key is removed automagically
> > > > while fixing signatures. No need to clear anythink.
>
> You might want to leave the key in the kernel image. You need to boot the
> sa
> > > Hi! What about doing it right? Encrypt it with symmetric cypher
> > > and store key in suspend header. That way key is removed automagically
> > > while fixing signatures. No need to clear anythink.
You might want to leave the key in the kernel image. You need to boot the
same image anyway.
Am Sonntag, 10. April 2005 15:13 schrieb Andreas Steinmetz:
> It may not be desireable to leave swsusp saved pages on disk after
> resume as they may contain sensitive data that was never intended to be
> stored on disk in an way (e.g. in-kernel dm-crypt keys, mlocked pages).
>
> The attached simp
Hi!
> > Hi! What about doing it right? Encrypt it with symmetric cypher
> > and store key in suspend header. That way key is removed automagically
> > while fixing signatures. No need to clear anythink.
>
> Good idea. I'll have a look though it will take a while (busy with my job).
>
> > OTOH we
[reformatted]
Pavel Machek wrote:
> Hi! What about doing it right? Encrypt it with symmetric cypher
> and store key in suspend header. That way key is removed automagically
> while fixing signatures. No need to clear anythink.
Good idea. I'll have a look though it will take a while (busy with my
Hi! What about doing it right? Encrypt it with symmetric cypher and store key
in suspend header. That way key is removed automagically while fixing
signatures. No need to clear anythink. OTOH we may want to dm-crypt whole swap
partition. You could still store key in header... --p
-- pavel. Sent
19 matches
Mail list logo
