On Thu, Apr 14, 2005 at 01:24:31AM +0200, Pavel Machek wrote: > > > The ssh keys are *encrypted* in the swap when dmcrypt is used. > > When the swap runs over dmcrypt all writes including those from > > swsusp are encrypted. > > Andreas is right. They are encrypted in swap, but they should not be > there at all. And they are encrypted by key that is still available > after resume. Bad.
The dmcrypt swap can only be unlocked by the user with a passphrase, which is analogous to how you unlock your ssh private key stored on the disk using a passphrase. So I don't see the problem. > First version simply overwrote suspend image in swap with zeros. This > is more clever way to do same thing. This version looks to me like a custom implementation of dmcrypt that lives inside swsusp which ends up being either less secure than simply using dmcrypt due to the lack of a passphrase, or it's going to involve more hacks to get a passphrase from the user at resume time. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/