Re: [dm-crypt] passfrase or dev_random for keyfile of a dmcrypt_swap

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Heinz Diehl <htd@fancy-poultry.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] passfrase or dev_random for keyfile of a dmcrypt_swap
Date: Mon, 19 Apr 2010 21:01:46 +0200	[thread overview]
Message-ID: <20100419190146.GA7656@fancy-poultry.org> (raw)
In-Reply-To: <20100419163745.C906144B6C@ws5-1.us4.outblaze.com>

On 19.04.2010, Si St wrote: 

> I am thinking about a potential crash and the consequences if the swap partition has to be used for rebuild of something. 
> Then a /dev/random or if necessary /dev/urandom would not be so good.

In this case, the only way to go is to have a passphrase, a randomly
generated key means you're locked out after the partition is closed.

Another possibility, if this sounds acceptable for you, is to pre-generate
a keyfile which resides on the root partition (and you keep a backup of it
on a safe place somwhere outside this machine), which is then used to
automatically unlock the swap partition in the boot process.

next prev parent reply	other threads:[~2010-04-19 19:01 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-04-19 16:37 [dm-crypt] passfrase or dev_random for keyfile of a dmcrypt_swap Si St
2010-04-19 16:54 ` Arno Wagner
2010-04-19 19:01 ` Heinz Diehl [this message]
2010-04-20  5:41 ` Luca Berra
  -- strict thread matches above, loose matches on Subject: below --
2010-04-20 14:15 Si St
2010-04-20 15:15 ` Arno Wagner
2010-04-21  8:34 ` Heinz Diehl
2010-04-21  9:06   ` Jonas Meurer
2010-04-20 18:06 Si St
2010-04-20 19:14 ` Arno Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100419190146.GA7656@fancy-poultry.org \
    --to=htd@fancy-poultry.org \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.