Re: [PATCH encrypted swsusp 1/3] core functionality

From: Pavel Machek
Date: Thu Apr 14 2005 - 01:53:06 EST


Hi!

> > > > > The ssh keys are *encrypted* in the swap when dmcrypt is used.
> > > > > When the swap runs over dmcrypt all writes including those from
> > > > > swsusp are encrypted.
> > > >
> > > > Andreas is right. They are encrypted in swap, but they should not be
> > > > there at all. And they are encrypted by a key that is still available
> > > > after resume. Bad.
> > >
> > > The dmcrypt swap can only be unlocked by the user with a passphrase,
> > > which is analogous to how you unlock your ssh private key stored
> > > on the disk using a passphrase.
> >
> > Once more:
> >
> > Andreas' implementation destroys the key during resume.
>
> This solution is all wrong.
>
> If you want security of the suspend image while "suspended", encrypt
> with dm-crypt. If you want security of the swap image after resume,
> zero out the portion of swap used. If you want both, do both.

I want security of the swap image, and "just zeroing" is hard to do in
the failed suspend case, see previous discussion.

Andreas, do you think you could write nice, long, FAQ entries so that
we don't have to go through this discussion over and over?

Pavel
--
Boycott Kodak -- for their patent abuse against Java.