[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?



Hi Carlos,

Carlos E. R. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> El 005-11-19 a las 06:36 -0200, Ariel Sabiguero Yawelak escribió:
> 
>>> You might consider erasing the swap partition when powering off, using
>>> for the purpose "/etc/init.d/halt.local". The perfomance while in use
>>> will be better, but halting will be much slower.
>>>

Erasing is no good idea. Too much can go wrong,
and you never will find out.


[...]

>> But on the other hand, you are leaving your information thief-readable
>> whenever halt.local is not executed. If the system does not shut down clearly,
>> or the thief knows that he has to unplug the cable (remove the batery) instead
>> of initing-6 he is done.
> 
> If the thief can get to my PC while running, I have bigger worries. He 
> might be armed! 
> 

So you shutdown youre system whenever going to toilet.
Or for a cup of coffee......

I know of stolen Laptops during working hours.



> Yes. But I'm not that "paranoid".

You Should be!
Or forget thinking about Security.

> 
> As I use "suspend to disk", what worries me is that the password to the 
> encrypted partitions is saved in clear in the swap partition - this a 
> pending problem. And encrypting the swap partition would not solve it, 
> because then I could not suspend to disk, and also I fear that swapping 
> would be much slower.

Give it a try. On most systems you can switch over in running
state. (And also back ;-) )

Dirk   
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
TRIA IT-consulting GmbH 
Joseph-Wild-Straße 20 
81829 München 
Germany 
Tel: +49 (89) 92907-0 
Fax: +49 (89) 92907-100  
http://www.tria.de 
 
 
Registergericht München HRB 113466 
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 
Geschäftsführer: Richard Hofbauer 
kaufm. Geschäftsleitung: Rosa Igl--------------------------------------------------------
Nachricht von: Dirk.Schreiner@xxxxxxx 
Nachricht an: robin1.listas@xxxxxxxxxx, suse-security@xxxxxxxx 
# Dateianhänge: 0 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here