From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jonas@freesources.org>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id reGSPRwzAWLz for <dm-crypt@saout.de>;
 Thu, 11 Jul 2013 11:49:17 +0200 (CEST)
Received: from mail01.freesources.org (mx01.freesources.org [80.237.252.132])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Thu, 11 Jul 2013 11:49:17 +0200 (CEST)
Received: from ip-5-146-93-232.unitymediagroup.de ([5.146.93.232]
 helo=[192.168.0.105])
 by mail01.freesources.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.72) (envelope-from <jonas@freesources.org>)
 id 1UxD6t-0000eN-Fx
 for dm-crypt@saout.de; Thu, 11 Jul 2013 09:24:27 +0000
Message-ID: <51DE79C6.7010306@freesources.org>
Date: Thu, 11 Jul 2013 11:24:22 +0200
From: Jonas Meurer <jonas@freesources.org>
MIME-Version: 1.0
References: <20130711065320.GA19568@tansi.org>
In-Reply-To: <20130711065320.GA19568@tansi.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] encrypted SWAP FAQ item
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Heya,

Am 11.07.2013 08:53, schrieb Arno Wagner:
> Dear all,
> 
> I just have added a mini-HOWOT on how to set up encrypted swap
> in FAQ item 2.2:
> http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
> 
> Proofreading and suggestions welcome. 

Good idea to add it to the FAQ. Thanks for maintaining this very
valuable piece of documentation.

But maybe you should more emphasize the fact that /etc/crypttab
implementations are distro-specific. While I know for sure that options
like swap and noearly are supported in Debian-based distributions, I'm
not sure about Redhat-based ones. Last time I looked, only a small
subset of crypttab options that we've implemented in Debian were
supported on Redhat-based systems.

Additionally, the following sentence looks wrong to me:

"Note: use /dev/random if you are paranoid or in a potential low-entropy
situation (embedded system, etc.).".

Mainly in low-entropy situations /dev/random would cause the boot
process to hang, right? So for these setups /dev/urandom actually is the
better solution. Granted that one isn't paranoid ;)

Kind regards,
 jonas