Hibernation and secret keys

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Thu Feb 12 18:40:22 CET 2009


On Thu, 2009-02-12 at 00:09 +0100, Ingo Klöcker wrote:
> On Wednesday 11 February 2009, Christoph Anton Mitterer wrote:
> > On Wed, 2009-02-11 at 22:37 +0100, Ingo Klöcker wrote:
> > > > Your machine suspends, and writes a snapshot of its memory to
> > > > disk. Sure, let's say it's even encrypted.  When you wake the
> > > > machine, is the encrypted disk still mounted?
> > >
> > > Obviously not.
> >
> > Why? This IS of course possible...
> 
> Do you mean in a secure way? If yes, then that's not what I understood 
> that David meant.

He just meant that one has to now what one does in order to do it really secure, if I understood him correctly.


> USB stick and secure? :-)

Of course. The idea is that you can encrypt everything but the kernel
+initrd, which is needed in order to decrypt the partition (better said,
to set up the dm-crypt mapping).
And an USB stick could be always with you.


Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: </pipermail/attachments/20090212/836750da/attachment.bin>


More information about the Gnupg-users mailing list