| 1 |
Hello Richard Freeman, |
| 2 |
|
| 3 |
> > Use cryptsetup-luks to set up encrypted swap partitions and |
| 4 |
> > use /etc/conf.d/cryptfs to manage it. If you use a different key for |
| 5 |
> > swap, there's no risk of it unlocking the wrong partition and |
| 6 |
> > formatting it. |
| 7 |
|
| 8 |
> Hmm - not ideal if you store the key in a config file. I just create a |
| 9 |
> random key on each boot and it doesn't get recorded anywhere. As a |
| 10 |
> result it isn't possible to tell if a given partition is a swap or |
| 11 |
> random data upon the next boot. I could write something to the |
| 12 |
> partition upon shutdown, but it won't help on an unclean boot and I'd |
| 13 |
> rather not have to manually intervene anytime that happens... |
| 14 |
|
| 15 |
I keep my keys on an encrypted partition, /etc/conf.d/cryptfs prompts for |
| 16 |
the key for that partition at boot. Then the keys on that partition are |
| 17 |
used to set up swap and /home before the partition is unmounted, so the |
| 18 |
keys are only exposed for 2-3 seconds per boot. |
| 19 |
|
| 20 |
|
| 21 |
-- |
| 22 |
Neil Bothwick |
| 23 |
|
| 24 |
Fasten your seatbelt ... I wanna try something. |
Archives