From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by mail.saout.de (Postfix) with ESMTP for ; Mon, 19 Apr 2010 21:01:50 +0200 (CEST)
Date: Mon, 19 Apr 2010 21:01:46 +0200
From: Heinz Diehl
Message-ID: <20100419190146.GA7656@fancy-poultry.org>
References: <20100419163745.C906144B6C@ws5-1.us4.outblaze.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20100419163745.C906144B6C@ws5-1.us4.outblaze.com>
Subject: Re: [dm-crypt] passfrase or dev_random for keyfile of a dmcrypt_swap
To: dm-crypt@saout.de

On 19.04.2010, Si St wrote:

> I am thinking about a potential crash and the consequences if the swap partition has to be used for rebuild of something.
> Then a /dev/random or if necessary /dev/urandom would not be so good.

In this case, the only way to go is to have a passphrase; a randomly generated key means you're locked out after the partition is closed.

Another possibility, if this sounds acceptable to you, is to pre-generate a keyfile which resides on the root partition (and you keep a backup of it in a safe place somewhere outside this machine), which is then used to automatically unlock the swap partition in the boot process.
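
Added example, not part of the original message: a small shell sketch of the keyfile approach described in the reply, next to the random-key setup it replaces. The device name /dev/sdXN, the path /etc/keys/swap.key, both crypttab lines and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example. Paths, device names and function names are assumptions,
# not values from the mailing-list thread.

# Constructed crypttab lines: <name> <device> <key> <options>
# Random key: a new key at every boot, so old swap contents are unreadable.
EPHEMERAL_LINE='swap /dev/sdXN /dev/urandom swap,cipher=aes-xts-plain64,size=256'
# Keyfile on the root partition: the same key at every boot.
KEYFILE_LINE='swap /dev/sdXN /etc/keys/swap.key luks'

# Create a 4096-byte random keyfile that only its owner can read.
# $1 = keyfile path. The key still has to be enrolled on the volume
# (cryptsetup luksFormat or luksAddKey), which is not run here.
make_keyfile() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null ) &&
        chmod 0400 "$1"
}

# Classify the key field (3rd column) of one crypttab line:
#   ephemeral  - key read from /dev/random or /dev/urandom
#   passphrase - "none" or "-", asked for at boot
#   keyfile    - any other path, a persistent key
key_source() {
    printf '%s\n' "$1" | {
        read -r _name _dev key _opts
        case "${key:-none}" in
            /dev/random|/dev/urandom) echo ephemeral ;;
            none|-)                   echo passphrase ;;
            *)                        echo keyfile ;;
        esac
    }
}

echo "random-key line: $(key_source "$EPHEMERAL_LINE")"
echo "keyfile line:    $(key_source "$KEYFILE_LINE")"
```

Keep the off-machine backup copy of the keyfile as the reply advises; whoever can read the root partition can also read the key.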