Conor Schaefer on 14 Jul 2010 14:41:14 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Laptop recovery--useful data to collect?

  • From: Conor Schaefer <conor.schaefer@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Laptop recovery--useful data to collect?
  • Date: Wed, 14 Jul 2010 17:41:08 -0400
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=zF8tgK6Fw6RTBsJEcf3/5UaaexS0+iq1fsbyh9LIvOM=; b=UO1yvC6Y9ShbrVP7/7XvHbIm8yHoO7k/KWPdR0SpNAnas25ZhIrg4XyGgJfpacljQV DxXoLKY6/lL+8tTuV8SBR88iRT5eJwT9Hwi9Cp8eeLSdKR1DsohCcg/uCI7vhs1I0830 3Jlgw/96DqKTF9epJUYwyF33g3WDXtunMFL4I=
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org
On Wed, Jul 14, 2010 at 5:34 PM, Richard Freeman <r-plug@thefreemanclan.net> wrote:
On 07/14/2010 03:30 PM, Jason Stelzer wrote:
JP hit the nail on the head. ÂI tend to just encrypt the parts of my
$HOME that I care about since the rest of the drive just has off the
shelf software I don't care about on it. But either way, all my
'important' drivel is secured and locked up.

Make sure that the parts you care about include swap in this case...

Only issue with that is that you can't use linux suspend-to-disk without a working swap partition, so that might not work so well for a laptop.

Maybe I'm being overly semantic here, but it's also possible to use a swapfile, as long as you manually add the swap-offset of that file on the partition on which it resides.
Â
Anything you access is potentially written out to swap, unless the software is security conscious and locks memory that contains sensitive data. ÂActually, even then it might get swapped if you hibernate (not sure how that works - obviously it doesn't stay in RAM).

Although I'm not currently using it, there's a neat utility called uswsusp (should be in Debian repos, site here: http://suspend.sourceforge.net/) that, IIRC, supports encrypting a swap file before entering hibernation. Should be minimal config compared to some other options out there.

Typical way to encrypt swap is just create a random encryption key at each boot and forget it when the power dies. ÂSwap normally doesn't need to persist across a boot, unless you're using suspend-to-disk.

Rich

___________________________________________________________________________
Philadelphia Linux Users Group     --    Âhttp://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion Â-- Â http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug