Re: mlock(1)

[Andrea Arcangeli <andrea@novell.com>]

On Mon, Sep 27, 2004 at 08:32:43PM +1000, Nigel Cunningham wrote:
> I loved Andrea's compare-the-checksum idea, but don't see why the
> passphrase is needed both times either. Then again I have zero
> experience with encryption. In fact, I care so much about security that
> I don't have a root password and have sudo without a password :>

I also have sudo without password of course, the issue here is only
about somebody stoling your harddisk. I'm fine about having zero local
security and blocking everything with the firewall as far as it's me
owning the machine ;).

I have encrypted data in my harddisk, and I simply cannot use suspend
that would dump into the swap partition the cleartext password making my
encryption void (plus it increases the probability to dump credit card
numbers or kwallet entries into the swap, but that's a separate problem
not really related to suspend).

Basically to avoid to type the password during suspend, we'd need an
algorihtm that encrypts with a public key stored on the harddisk and
restore with the private key that sits only on a human brain.  The
public key would be stored on the harddisk and it would be used by
suspend to write to the swap partition. the resume password would be
asked to the user and used to decrypt the data. I think it should work
fine in theory.

However AFIK those public/private key algorithms only works securely with tons of
bits (a lot more than with a symmetic encryption), so I don't see how
can an human could possibly remeber such a long private key by memory. I
guess to make it work you'd need an USB pen to store it and unplug it
(then you'd have to be careful not to lose the USB pen). So I think it's
much simpler to use symmetric crypto (like cryptoloop) and to ask the
password during suspend too.