In <4B47166D.firstname.lastname@example.org>, Stan Hoeppner wrote:
>Sjors van der Pluijm put forth on 1/8/2010 5:13 AM:
>> 3. Is it ok to have swap and /boot on an encrypted LVM?

Swap is okay. Boot depends on your boot loader. I don't know if grub2 can handle this or not.

>Never run encryption on swap. Doing so merely burdens performance. I doubt
>even NSA, CIA, MI6 encrypt swap partitions on workstations.

BS. Encrypting swap is *critical*. If you do not, an attacker can use differential cryptanalysis between what is swapped out and the cyphertext on disk.

Before even generating the encryption keys for other devices, you should change the mount options of your swap partition so that it is encrypted using a random key and then remount it.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
email@example.com                       ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/
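One way to check a system against the advice in the message above, as an added example that is not part of the original post: a read-only audit that reports swap entries in fstab that are not mapped through a crypttab entry keyed from a random device. The function name, verdict labels, device names and sample files are constructed for illustration; the `swap`, `cipher=` and `size=` options are those documented in crypttab(5).

```shell
#!/bin/sh
# Added example: flag swap entries that are not mapped through a random-key
# dm-crypt device. Reads fstab- and crypttab-format text only; changes nothing.
# Usage: audit_swap FSTAB CRYPTTAB   (e.g. /etc/fstab /etc/crypttab)
audit_swap() {
    awk '
    # crypttab fields: mapping name, source device, key file, options
    FILENAME == ARGV[1] {
        if (NF >= 3 && $1 !~ /^#/) { key[$1] = $3; opts[$1] = $4 }
        next
    }
    # fstab: keep only entries whose type field is "swap"
    NF == 0 || $1 ~ /^#/ || $3 != "swap" { next }
    {
        name = $1
        if (sub(/^\/dev\/mapper\//, "", name) == 0 || !(name in key))
            verdict = "no-crypttab-entry"   # raw partition or unmapped device
        else if (key[name] !~ /^\/dev\/u?random$/)
            verdict = "static-key"          # key persists across reboots
        else if (("," opts[name] ",") !~ /,swap,/)
            verdict = "missing-swap-option" # mapping is not re-formatted as swap
        else
            verdict = "ok"
        print verdict, $1
        if (verdict != "ok") bad = 1
    }
    END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample files (device and mapping names are made up).
write_samples() {
    cat > "$1/fstab" <<'EOF'
/dev/sda1             /     ext4  defaults  0 1
/dev/sda2             none  swap  sw        0 0
/dev/mapper/swap_old  none  swap  sw        0 0
/dev/mapper/cryptswap none  swap  sw        0 0
EOF
    cat > "$1/crypttab" <<'EOF'
# <name>   <device>  <key file>          <options>
swap_old   /dev/sda3 /etc/keys/swap.key  cipher=aes-xts-plain64,size=256
cryptswap  /dev/sda4 /dev/urandom        cipher=aes-xts-plain64,size=256,swap
EOF
}

d=$(mktemp -d) && write_samples "$d"
audit_swap "$d/fstab" "$d/crypttab" || echo "swap needs attention"
rm -rf "$d"
```

The check looks only at direct crypttab mappings, so a swap logical volume that sits inside an already encrypted LVM physical volume is reported as `no-crypttab-entry` and has to be judged by hand.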