Finally migrated my 400 GB /home to LUKS+XFS. Nothing to hide but nothing to share with any government either!
-
@grimsdottir swap can potentially contain cryptographic secrets. /tmp is more that it might leak your system data in general. Fortunately both are easy to set up and don't need further interaction upon boot etc.
To set up the swap you just need an entry in /etc/crypttab + /etc/fstab and cryptsetup will do things automagically for you in 99% of distros.
/etc/crypttab:
cswap1 UUID=1234...cdef /dev/urandom swap
/etc/fstab:
/dev/mapper/cswap1 none swap sw 0 0
Get your swap partition's UUID from ls -lah /dev/disk/by-uuid
-
@grimsdottir if /tmp is mounted as an in-memory filesystem or under the / filesystem you don't have to do anything. Only if you've set it up as a separate partition for some reason.
-
@grimsdottir You can set encryption configuration in /etc/crypttab btw, the "swap" parameter can be extended with comma-separated options, for example: cipher=blowfish-cbc-essiv:sha256,size=256,swap
-
@grimsdottir Yeah, but if you're going for an encrypted filesystem, you _certainly_ don't want to store an unencrypted memory dump anyway. :D
I've never toyed with waking up from hibernation using a crypto passphrase. I just shut the computer down properly every time I want to give it some rest. Modern computers don't take very long to boot up anyway.
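
An added example, not part of the original conversation: a small audit of the two files discussed above that reports swap entries in /etc/fstab not backed by a random-key /etc/crypttab mapping, and a separately mounted /tmp that is neither tmpfs nor a crypttab mapping. The function names and the sample file contents are constructed for illustration.

```python
# Added example: flag fstab entries that leave swap or a separate /tmp unencrypted.
# The sample file contents are constructed; on a real system read
# /etc/crypttab and /etc/fstab instead.
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}

GOOD_CRYPTTAB = "cswap1 UUID=constructed-sample-uuid /dev/urandom swap\n"
GOOD_FSTAB = "/dev/mapper/cswap1 none swap sw 0 0\n"
BAD_FSTAB = "/dev/sda2 none swap sw 0 0\n/dev/sda3 /tmp ext4 defaults 0 2\n"

def rows(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def audit(crypttab, fstab):
    """Return a list of findings (empty when swap and /tmp look covered)."""
    mappings = {}  # /dev/mapper/<name> -> (key file, set of options)
    for f in rows(crypttab):
        key = f[2] if len(f) > 2 else "none"
        opts = set(f[3].split(",")) if len(f) > 3 else set()
        mappings["/dev/mapper/" + f[0]] = (key, opts)
    findings = []
    for f in rows(fstab):
        if len(f) < 3:
            continue
        dev, mnt, fstype = f[:3]
        if fstype == "swap":
            if dev not in mappings:
                findings.append(f"swap on {dev} is not a crypttab mapping")
                continue
            key, opts = mappings[dev]
            if "swap" not in opts:
                findings.append(f"{dev}: crypttab entry lacks the 'swap' option")
            if key not in RANDOM_KEYS:
                findings.append(f"{dev}: key file {key} is not a random device")
        # Heuristic: a separate /tmp that is neither tmpfs nor a crypttab mapping.
        elif mnt == "/tmp" and fstype != "tmpfs" and dev not in mappings:
            findings.append(f"/tmp on {dev} is a separate, unencrypted mount")
    return findings

if __name__ == "__main__":
    for name, fstab in (("good", GOOD_FSTAB), ("bad", BAD_FSTAB)):
        print(name, audit(GOOD_CRYPTTAB, fstab) or "no findings")
```

The /tmp check is a heuristic: a /tmp placed on an encrypted volume that is not listed in crypttab (for example LVM on top of LUKS) would be reported too and needs a manual look.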