|Richard Freeman on 14 Jul 2010 14:35:24 -0700|
On 07/14/2010 03:30 PM, Jason Stelzer wrote:
JP hit the nail on the head. I tend to just encrypt the parts of my $HOME that I care about since the rest of the drive just has off the shelf software I don't care about on it. But either way, all my 'important' drivel is secured and locked up.
Make sure that the parts you care about include swap in this case...Only issue with that is that you can't use linux suspend-to-disk without a working swap partition, so that might not work so well for a laptop.
Anything you access is potentially written out to swap, unless the software is security conscious and locks memory that contains sensitive data. Actually, even then it might get swapped if you hibernate (not sure how that works - obviously it doesn't stay in RAM).
Typical way to encrypt swap is just create a random encryption key at each boot and forget it when the power dies. Swap normally doesn't need to persist across a boot, unless you're using suspend-to-disk.
Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug