On Sun, August 13, 2006 19:45, martin f krafft said:
> also sprach martin f krafft <[EMAIL PROTECTED]> [2006.08.13.1805 +0100]:
>> thinking about this some more, maybe this issue can only be solved
>> if suspend first disables swap and dm-crypt, then suspends to the
>> raw block device, then after resume restores a new swap with a new
>> random key.
>
> ... in which case the suspend data would not be encrypted, which is
> BAD. disregard my suggestion.
>
> instead, how about dumping the (random) key to the initramfs and
> encrypting it with a symmetric one determined by the user? or if the
> swap is encrypted with luks, just add a new key on suspend and
> remove it after resume.
>
> question is how to get that symmetric key from the user...

Actually, getting a symmetric key from the user is much like setting up
the swap partition not to use a random key in the first place.

I think the solution would be simply to document that
swap-with-random-key and swsusp is not a supported combination and
recommend that users use a static key for their swap partitions if they
want to use swsusp.

I still have to add resume partition enabling to the cryptsetup
initramfs scripts though.

Regards,
David
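
An added example, not part of the original message or of the cryptsetup package: a small Python check for the unsupported combination described above, a swap mapping keyed from /dev/random or /dev/urandom that is also the swsusp resume device. The crypttab lines, device names and kernel command line are constructed samples, and the function names are hypothetical.

```python
# Added example: flag crypttab mappings that cannot hold a swsusp image
# because their key is regenerated on every boot.
RANDOM_KEY_SOURCES = {"/dev/random", "/dev/urandom"}

# Constructed sample input (not taken from any real system).
SAMPLE_CRYPTTAB = """\
# <target> <source device> <key file> <options>
cswap   /dev/hda2   /dev/urandom   swap
chome   /dev/hda3   none           luks
"""
SAMPLE_CMDLINE = "root=/dev/hda1 ro resume=/dev/mapper/cswap"


def parse_crypttab(text):
    """Yield (target, source, keyfile, options) for each crypttab entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed entry, nothing to check
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        yield fields[0], fields[1], fields[2], options


def resume_device(cmdline):
    """Return the value of resume= from a kernel command line, or None."""
    for token in cmdline.split():
        if token.startswith("resume="):
            return token[len("resume="):]
    return None


def unresumable_swap(crypttab_text, cmdline):
    """Targets keyed from a random source that are also the resume device.

    After a power cycle the random key is gone, so the suspend image
    written through such a mapping can no longer be decrypted.
    """
    resume = resume_device(cmdline)
    flagged = []
    for target, source, keyfile, _options in parse_crypttab(crypttab_text):
        if keyfile not in RANDOM_KEY_SOURCES:
            continue  # static key or passphrase: key survives a reboot
        if resume in (f"/dev/mapper/{target}", source):
            flagged.append(target)
    return flagged
```
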

