Re: recovering from compromised keys

To: debian-devel@lists.debian.org
Subject: Re: recovering from compromised keys
From: Osamu Aoki <osamu@debian.org>
Date: Thu, 23 Sep 2010 23:50:26 +0900
Message-id: <[🔎] 20100923145026.GA5375@debian.org>
In-reply-to: <[🔎] 20100923141306.GA32564@reptile.pseudorandom.co.uk>
References: <[🔎] 20100923141306.GA32564@reptile.pseudorandom.co.uk>

On Thu, Sep 23, 2010 at 03:13:06PM +0100, Simon McVittie wrote:
...
> By policy, we use full-disk encryption at my workplace (where full-disk
> really means "except the bootloader and /boot"). For a 2-year-old recipe for
> it, which I believe still mostly works with grub2, see
> http://smcv.pseudorandom.co.uk/2008/09/cryptroot/

Can we maintain suspend/resume type-features with such configuration?

Unless we use unencrypted swap, it seems we have to give up
suspend/resume.  Then we a bit of loose security ....

How people cope with this on laptop ... I am curious.

Osamu

Reply to:

Follow-Ups:
- Re: recovering from compromised keys
  - From: Mike Hommey <mh@glandium.org>

References:
- Re: recovering from compromised keys
  - From: Simon McVittie <smcv@debian.org>

Prev by Date: Re: debdelta back online
Next by Date: Re: recovering from compromised keys
Previous by thread: Re: recovering from compromised keys
Next by thread: Re: recovering from compromised keys
Index(es):
- Date
- Thread