From: Pavel Machek <pavel@ucw.cz>
To: Matt Mackall <mpm@selenic.com>
Cc: Andrew Morton <akpm@osdl.org>, Andreas Steinmetz <ast@domdv.de>,
linux-kernel@vger.kernel.org
Subject: Re: [swsusp] encrypt suspend data for easy wiping
Date: Wed, 27 Jul 2005 00:14:46 +0200 [thread overview]
Message-ID: <20050726221446.GA24196@elf.ucw.cz> (raw)
In-Reply-To: <20050726220428.GA7425@waste.org>
Hi!
> > > the attached patches are acked by Pavel and signed off by me
> >
> > OK, well I queued this up, without a changelog. Because you didn't send
> > one. Please do so. As it adds a new feature, quite a bit of info is
> > relevant.
>
> I don't like this patch. It reinvents a fair amount of dm_crypt and
> cryptoloop but badly.
>
> Further, the model of security it's using is silly. In case anyone
> hasn't noticed, it stores the password on disk in the clear. This is
> so it can erase it after resume and thereby make recovery of the
> suspend image hard.
>
> But laptops get stolen while they're suspended, not while they're up
> and running. And if your box is up and running and an attacker gains
> access, the contents of your suspend partition are the least of your
> worries. It makes no sense to expend any effort defending against this
> case, especially as it's liable to become a barrier to doing this
> right, namely with real dm_crypt encrypted swap.
Well, "how long are my keys going to stay in swap after
swsusp"... that's pretty scary.
To prevent "stolen while suspended" case... you'd either need to enter
password both during suspend and during resume, or you'd need
asymetric crypto... Rather heavy.
> At the very least, this should be renamed SWSUSP_QUICK_WIPE and any
> mention of encryption should be taken out of the description so users
> don't mistakenly think it provides any sort of useful protection.
SWSUSP_WIPE seems like a better name, right.
Pavel
--
teflon -- maybe it is a trademark, but it should not be.
next prev parent reply other threads:[~2005-07-26 22:16 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-03 21:35 [swsusp] encrypt suspend data for easy wiping Pavel Machek
2005-07-06 9:02 ` Andrew Morton
2005-07-06 9:11 ` Pavel Machek
2005-07-06 12:49 ` Grzegorz Kulewski
2005-07-07 19:14 ` Pavel Machek
2005-07-07 19:30 ` Grzegorz Kulewski
2005-07-17 15:36 ` Andreas Steinmetz
2005-07-26 3:10 ` Andrew Morton
2005-07-26 22:04 ` Matt Mackall
2005-07-26 22:14 ` Pavel Machek [this message]
2005-07-26 22:58 ` Matt Mackall
2005-07-26 23:12 ` Pavel Machek
2005-07-26 23:53 ` Matt Mackall
2005-07-27 7:38 ` Pavel Machek
2005-07-27 14:22 ` Andreas Steinmetz
2005-07-26 22:26 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050726221446.GA24196@elf.ucw.cz \
--to=pavel@ucw.cz \
--cc=akpm@osdl.org \
--cc=ast@domdv.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mpm@selenic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox