
Re: Encrypted swap and partitions



On Fri, Aug 15, 2003 at 07:24:57PM +0200, Vincent Bernat wrote:
> OoO During the meal on Friday 15 August 2003, around 19:18, Marc Singer
> <elf@buici.com> said:
> 
> >> Yes, it is possible. Use mcookie to build a password (or any other
> >> tool), then instruct losetup to read the password from stdin (-p 0).
> 
> > I must defer to you on this since I cannot reproduce the reference.
> > What I recall is that the key was generated on-the-fly by one of the
> > kernel components.
> 
> To set up encrypted swap, you can do:
> 
> dd if=/dev/hda10 bs=1024 count=40 2>/dev/null | mcookie -f /dev/stdin | \
>  losetup -p 0 -e aes -k 128 /dev/loop0 /dev/hda10
> 
> (assuming that /dev/loop0 is free and /dev/hda10 is the swap)
> 
> mkswap /dev/loop0
> swapon -p 0 /dev/loop0
> 
> The dd is used as a third "random" source. Since the swap was
> previously encrypted, it is a "good" random source.

Then, if I understand you correctly, you agree that it is possible to
encrypt the swap space without user interaction.


