[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
Carlos E. R. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> El 005-11-19 a las 06:36 -0200, Ariel Sabiguero Yawelak escribió:
>>> You might consider erasing the swap partition when powering off, using
>>> for the purpose "/etc/init.d/halt.local". The perfomance while in use
>>> will be better, but halting will be much slower.
Erasing is no good idea. Too much can go wrong,
and you never will find out.
>> But on the other hand, you are leaving your information thief-readable
>> whenever halt.local is not executed. If the system does not shut down clearly,
>> or the thief knows that he has to unplug the cable (remove the batery) instead
>> of initing-6 he is done.
> If the thief can get to my PC while running, I have bigger worries. He
> might be armed!
So you shutdown youre system whenever going to toilet.
Or for a cup of coffee......
I know of stolen Laptops during working hours.
> Yes. But I'm not that "paranoid".
You Should be!
Or forget thinking about Security.
> As I use "suspend to disk", what worries me is that the password to the
> encrypted partitions is saved in clear in the swap partition - this a
> pending problem. And encrypting the swap partition would not solve it,
> because then I could not suspend to disk, and also I fear that swapping
> would be much slower.
Give it a try. On most systems you can switch over in running
state. (And also back ;-) )
TRIA IT-consulting GmbH
Tel: +49 (89) 92907-0
Fax: +49 (89) 92907-100
Registergericht München HRB 113466
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600
Geschäftsführer: Richard Hofbauer
kaufm. Geschäftsleitung: Rosa Igl--------------------------------------------------------
Nachricht von: Dirk.Schreiner@xxxxxxx
Nachricht an: robin1.listas@xxxxxxxxxx, suse-security@xxxxxxxx
# Dateianhänge: 0
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here