Re: Disc encryptian.
Le Thu 24/02/2011, Ron Johnson disait
> On 02/24/2011 08:30 AM, Boyd Stephen Smith Jr. wrote:
> >On Thursday 24 February 2011 07:03:23 Ron Johnson wrote:
> >>On 02/24/2011 06:22 AM, Brad Alexander wrote:
> >>[snip]
> >>
> >>>Also, please remember, when the system is running, the filesystem is
> >>>*decrypted*. Encryption is not going to protect you when the system is
> >>>running.
> >>
> >>So what you/we need are apps which integrate GPG. That way, files
> >>are only decrypted when necessary.
> >
> >Depends on what you are trying to defend against. Full-disk encryption is
> >meant to defend against physically stolen or confiscated servers, drives, or
> >laptops from being accessed. When a laptop is on, it is generally being
> >closely observed, so when it is stolen it is usually off. Servers and drives
>
> Except that many laptop users suspend or hibernate their machines
> for faster startup.
Hibernation is done on encrypted disk, thus it is safe. However suspend to RAM is not, decryption keys stay in RAM, and if RAM is extracted in proper condition (at low temperature, but not so low it is very expnsive to achieve this temperature), itcan be read several minutes after extraction.
--
Erwan
Reply to: