[dm-crypt] Encrypt all partitions with dm-crypt

Heinz Diehl htd at fancy-poultry.org
Sat Sep 8 16:37:18 CEST 2012


On 08.09.2012, Arno Wagner wrote: 

> Swap can be encrypted with a one-time passphrase. This is more
> secure than a constant passphrase. It can also be done
> non-interactively. The (slight) security decrease when encrypting
> swap with a static passphrase is that in the future you may still
> find stuff in there if the passphrase gets compromised.

When the passphrase gets compromised it'll be of no relevance what
somebody will find inside the unencrypted swap. All swap content 
is derived from data of the system itself, which then also will be
compromised. At least if a global passphrase is used.

If every partition on a system has its own unique passphrase, nobody
would attack swap space in the first place. There's more to get by
attacking the user's /home or the root partition.


