Hello Richard Freeman,

> > Use cryptsetup-luks to set up encrypted swap partitions and
> > use /etc/conf.d/cryptfs to manage it. If you use a different key for
> > swap, there's no risk of it unlocking the wrong partition and
> > formatting it.

> Hmm - not ideal if you store the key in a config file. I just create a
> random key on each boot and it doesn't get recorded anywhere. As a
> result it isn't possible to tell if a given partition is a swap or
> random data upon the next boot. I could write something to the
> partition upon shutdown, but it won't help on an unclean boot and I'd
> rather not have to manually intervene anytime that happens...

I keep my keys on an encrypted partition, /etc/conf.d/cryptfs prompts for
the key for that partition at boot. Then the keys on that partition are
used to set up swap and /home before the partition is unmounted, so the
keys are only exposed for 2-3 seconds per boot.

--
Neil Bothwick

Fasten your seatbelt ... I wanna try something.
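
An added example, not part of the original message or of any Gentoo script: a read-only Python check of a partition's first page. It shows why a LUKS header or a swap signature makes a partition identifiable before anything is formatted, while plain dm-crypt swap keyed randomly at each boot looks like any other random data. The function names, the 4 KiB page size and the sample buffers are assumptions constructed for illustration.

```python
import hashlib
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"   # first 6 bytes of a LUKS header
SWAP_MAGIC = b"SWAPSPACE2"     # last 10 bytes of the first page of Linux swap
PAGE_SIZE = 4096               # assumption: 4 KiB pages


def read_first_page(path: str) -> bytes:
    """Read the first page of a device or image, read-only."""
    with open(path, "rb") as dev:
        return dev.read(PAGE_SIZE)


def classify(first_page: bytes) -> str:
    """Return 'luks<version>', 'swap', 'blank', 'unknown' or 'short-read'."""
    if len(first_page) < PAGE_SIZE:
        return "short-read"
    if first_page[:6] == LUKS_MAGIC:
        # The header version is a big-endian 16-bit field after the magic.
        (version,) = struct.unpack(">H", first_page[6:8])
        return f"luks{version}"
    if first_page[PAGE_SIZE - 10:PAGE_SIZE] == SWAP_MAGIC:
        return "swap"
    if not any(first_page):
        return "blank"
    return "unknown"   # random data, or plain dm-crypt with a throwaway key


def matches_expected(first_page: bytes, expected: str) -> bool:
    """Guard to call before any destructive step such as mkswap."""
    return classify(first_page) == expected


# Constructed sample pages (not taken from any real disk).
SAMPLE_LUKS = (LUKS_MAGIC + struct.pack(">H", 1)).ljust(PAGE_SIZE, b"\0")
SAMPLE_SWAP = b"\0" * (PAGE_SIZE - 10) + SWAP_MAGIC
SAMPLE_RANDOM = hashlib.shake_256(b"constructed sample").digest(PAGE_SIZE)

if __name__ == "__main__":
    for name, page in [("luks", SAMPLE_LUKS), ("swap", SAMPLE_SWAP),
                       ("random-key swap", SAMPLE_RANDOM)]:
        print(f"{name:16} -> {classify(page)}")
```
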