Re: recovering from compromised keys

To: debian-devel@lists.debian.org
Subject: Re: recovering from compromised keys
From: Mike Hommey <mh@glandium.org>
Date: Thu, 23 Sep 2010 17:14:01 +0200
Message-id: <[🔎] 20100923151401.GA7898@glandium.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20100923145026.GA5375@debian.org>
References: <[🔎] 20100923141306.GA32564@reptile.pseudorandom.co.uk> <[🔎] 20100923145026.GA5375@debian.org>

On Thu, Sep 23, 2010 at 11:50:26PM +0900, Osamu Aoki wrote:
> On Thu, Sep 23, 2010 at 03:13:06PM +0100, Simon McVittie wrote:
> ...
> > By policy, we use full-disk encryption at my workplace (where full-disk
> > really means "except the bootloader and /boot"). For a 2-year-old recipe for
> > it, which I believe still mostly works with grub2, see
> > http://smcv.pseudorandom.co.uk/2008/09/cryptroot/
> 
> Can we maintain suspend/resume type-features with such configuration?
> 
> Unless we use unencrypted swap, it seems we have to give up
> suspend/resume.  Then we a bit of loose security ....
> 
> How people cope with this on laptop ... I am curious.

You only need to give up *randomized* swap encryption. You can still
have an encrypted swap, you just can't use a random key.

Mike

Reply to:

Follow-Ups:
- Re: recovering from compromised keys
  - From: Roland Mas <lolando@debian.org>

References:
- Re: recovering from compromised keys
  - From: Simon McVittie <smcv@debian.org>
- Re: recovering from compromised keys
  - From: Osamu Aoki <osamu@debian.org>

Prev by Date: Re: recovering from compromised keys
Next by Date: Re: recovering from compromised keys
Previous by thread: Re: recovering from compromised keys
Next by thread: Re: recovering from compromised keys
Index(es):
- Date
- Thread