Please Consider Increasing SECMEM_BUFFER_SIZE To 1048576
peter at digitalbrains.com
Thu Oct 19 18:08:52 CEST 2017

On 13/10/17 19:42, Daniel Kahn Gillmor wrote:
> Also, any sensible use of swap today on any machine that has sensitive
> data should be done with an ephemerally-encrypted swap device. In
> particular, on GNU/Linux systems with cryptsetup, that means something

What about a laptop that needs to hibernate? I use full disk encryption, but my
swap is just part of the same encrypted LVM physical volume, encrypted with the
same non-ephemeral key as the rest of the disk. It would be nice to refresh the
key for swap quite often, but this seems non-trivial.

PS: In earlier Debian releases, I also found out that if I used an ephemeral key
for both swap and /tmp, my system would run out of entropy during boot. I don't
know if this is still an issue. The way I solved it back then would not have
worked with systemd, since they decided to not support the "keyscript" option.
This seems like quite a big omission in systemd to me.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>