[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
On 07/14/2010 03:30 PM, Jason Stelzer wrote:Make sure that the parts you care about include swap in this case...
JP hit the nail on the head. ÂI tend to just encrypt the parts of my
$HOME that I care about since the rest of the drive just has off the
shelf software I don't care about on it. But either way, all my
'important' drivel is secured and locked up.
Only issue with that is that you can't use linux suspend-to-disk without a working swap partition, so that might not work so well for a laptop.
Anything you access is potentially written out to swap, unless the software is security conscious and locks memory that contains sensitive data. ÂActually, even then it might get swapped if you hibernate (not sure how that works - obviously it doesn't stay in RAM).
Typical way to encrypt swap is just create a random encryption key at each boot and forget it when the power dies. ÂSwap normally doesn't need to persist across a boot, unless you're using suspend-to-disk.
Rich
___________________________________________________________________________
Philadelphia Linux Users Group     --    Âhttp://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion Â-- Â http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug