[dm-crypt] Encrypt all partitions with dm-crypt

Stayvoid stayvoid at gmail.com
Thu Sep 6 14:54:18 CEST 2012


> You solution will work though, although if you do it with

>  dd_rescue /dev/urandom /dev/sda

> you get a progess indicator.

In that case it's also possible to check the progress like this:

$ kill -USR1 $(pidof dd)

(This should be typed in another terminal.)


> No. You just map it like you stated and then create the filesystem
> on the mapped device.

How to map it? Will the following work?

$ cryptsetup create /dev/sda2 boot
$ cryptsetup create /dev/sda3 main


> mkswap /dev/mapper/main

Is this a typo? I guess that it should be changed to:

mkswap /dev/mapper/swap


> No idea. Suspend-to-disk is insecure unless done right and it
> needs to be done right by your distro.

What about this option [1]?
Is it secure?

I know that some people don't use swap at all because of security issues.
But I'd like to use it.

By the way, are there any differences between a swap partition and a
swap file (in terms of security)?

[1] https://wiki.archlinux.org/index.php/Dm-crypt_with_LUKS#Without_suspend-to-disk_support

Thanks


More information about the dm-crypt mailing list