public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Pavel Machek <pavel@ucw.cz>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Matt Mackall <mpm@selenic.com>, Andreas Steinmetz <ast@domdv.de>,
	rjw@sisk.pl, linux-kernel@vger.kernel.org
Subject: Re: [PATCH encrypted swsusp 1/3] core functionality
Date: Thu, 14 Apr 2005 11:05:24 +0200	[thread overview]
Message-ID: <20050414090524.GA1706@elf.ucw.cz> (raw)
In-Reply-To: <20050414080837.GA1264@gondor.apana.org.au>

On Čt 14-04-05 18:08:37, Herbert Xu wrote:
> On Thu, Apr 14, 2005 at 08:51:25AM +0200, Pavel Machek wrote:
> >
> > > This solution is all wrong.
> > > 
> > > If you want security of the suspend image while "suspended", encrypt
> > > with dm-crypt. If you want security of the swap image after resume,
> > > zero out the portion of swap used. If you want both, do both.
> 
> Pavel, you're not answering our questions.
> 
> How is the proposed patch any more secure compared to swsusp over
> dmcrypt?

It is not "more secure". It solves completely different problem.

> In fact if anything it is less secure.  If I understand correctly the
> proposal is to store the key used to encrypt the swsusp image in the
> swap device.  This means that anybody who gains access to the swap
> device can trivially decrypt it.

Yes. It also means that key is gone after resume.

> Compare this to the properly setup dmcrypt case where the swap
> device can only be decrypted with a passphrase obtained from the
> user at resume time.

Solution above does not require passphrase (so users will actually use
it) and dmcrypt with passphrase does not destroy the key after resume,
so data can still be recovered.

They are orthogonal. You want both.

If something is still unclear, we can talk on irc somewhere, if you
agree to write FAQ entry afterwards ;-).
								Pavel
-- 
Boycott Kodak -- for their patent abuse against Java.

  parent reply	other threads:[~2005-04-14  9:06 UTC|newest]

Thread overview: 51+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-10 23:19 [PATCH encrypted swsusp 1/3] core functionality Andreas Steinmetz
2005-04-11 10:25 ` Pavel Machek
2005-04-11 10:36   ` folkert
2005-04-11 11:01     ` Pavel Machek
2005-04-11 11:38       ` folkert
2005-04-11 16:28       ` Andreas Steinmetz
2005-04-11 16:36         ` Pavel Machek
2005-04-11 13:08     ` Andreas Steinmetz
2005-04-11 11:08 ` Pavel Machek
2005-04-11 13:11   ` Andreas Steinmetz
2005-04-11 16:11   ` Andreas Steinmetz
2005-04-11 20:57     ` Rafael J. Wysocki
2005-04-11 21:08       ` Pavel Machek
2005-04-11 21:35         ` Rafael J. Wysocki
2005-04-12 10:07           ` Andreas Steinmetz
2005-04-12 10:52       ` Andreas Steinmetz
2005-04-12 13:17       ` Andreas Steinmetz
2005-04-13 11:59         ` Herbert Xu
2005-04-13 12:59           ` Andreas Steinmetz
2005-04-13 21:27             ` Herbert Xu
2005-04-13 22:29               ` Andreas Steinmetz
2005-04-13 23:10                 ` Herbert Xu
2005-04-13 23:24                   ` Pavel Machek
2005-04-13 23:39                     ` Herbert Xu
2005-04-13 23:46                       ` Pavel Machek
2005-04-14  0:35                         ` Matt Mackall
2005-04-14  6:51                           ` Pavel Machek
2005-04-14  8:08                             ` Herbert Xu
2005-04-14  9:04                               ` Rafael J. Wysocki
2005-04-14 17:11                                 ` Matt Mackall
2005-04-14 19:27                                   ` Stefan Seyfried
2005-04-14 19:53                                     ` Matt Mackall
2005-04-14 20:18                                       ` Pavel Machek
2005-04-14 22:27                                         ` Matt Mackall
2005-04-14 22:11                                       ` Andy Isaacson
2005-04-14 22:48                                         ` Matt Mackall
2005-04-15  9:44                                           ` Andreas Steinmetz
2005-04-15  9:44                                       ` Andreas Steinmetz
2005-04-15 17:00                                         ` Matt Mackall
2005-04-14 20:13                                   ` Pavel Machek
2005-04-14  9:05                               ` Pavel Machek [this message]
2005-04-15  9:44                             ` Andreas Steinmetz
2005-04-15  9:47                               ` Pavel Machek
2005-04-14  1:13                       ` Bernd Eckenfels
2005-04-14  8:27                         ` Pavel Machek
2005-04-14  8:31                       ` encrypted swap (was Re: [PATCH encrypted swsusp 1/3] core functionality) Andy Isaacson
2005-04-14  8:38                         ` Herbert Xu
2005-04-14  8:49                           ` Arjan van de Ven
2005-04-14  1:11                   ` [PATCH encrypted swsusp 1/3] core functionality Bernd Eckenfels
2005-04-13 13:22         ` Pavel Machek
2005-04-13 14:45           ` Andreas Steinmetz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050414090524.GA1706@elf.ucw.cz \
    --to=pavel@ucw.cz \
    --cc=ast@domdv.de \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mpm@selenic.com \
    --cc=rjw@sisk.pl \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox