Hibernation and secret keys

[Ingo Klöcker]

On Wednesday 11 February 2009, David Shaw wrote:
> On Wed, Feb 11, 2009 at 10:37:43PM +0100, Ingo Kl?cker wrote:
> > On Wednesday 11 February 2009, David Shaw wrote:
> > > On Wed, Feb 11, 2009 at 12:59:48PM +0100, Christoph Anton
> > > Mitterer
> >
> > wrote:
> > > > A good workaround is to use disk encryption (dm-crypt or
> > > > similar things).
> > >
> > > Encrypted disks don't help without serious OS support around
> > > suspend.
> >
> > Obviously.
> >
> > > Your machine suspends, and writes a snapshot of its memory to
> > > disk. Sure, let's say it's even encrypted.  When you wake the
> > > machine, is the encrypted disk still mounted?
> >
> > Obviously not.
> >
> > Usually your messages are very helpful. Unfortunately, this
> > particular message is the exact opposite. Googling for "encryption
> > suspend to disk linux" I found many websites explaining how this
> > works with most common distributions (mostly out-of-the box, i.e.
> > without compiling a kernel).
>
> Clearly you missed the point.

I don't think so. :-)


> I've seen various cookbook sites on 
> how to do this, and some of them get it dramatically wrong.  Hence
> the question: "When you wake the machine, is the encrypted disk still
> mounted?"

In this context your question makes sense. Without the context it 
sounded like a rhetorical question to me.


> If the answer is "Yes", then you're not protecting very much.  You
> did not succeed in doing what you were trying to do.  If the answer
> is "No", you at least avoided the usual pitfalls.

I missed this last sentence in the message I replied to.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20090212/9dcd0356/attachment.pgp>