[dm-crypt] Dmcrypt and hibernate key disclosure

Arno Wagner arno at wagner.name
Tue Jan 11 10:11:48 CET 2011

On Tue, Jan 11, 2011 at 01:08:16AM +0100, Richard wrote:
> On Fri, Jan 07, 2011 at 09:40:09AM +0800, Aaron Lewis wrote:
> > Hi,
> > If I hibernate with a device opened, before I resume, an image was
> > written on swap partition, will there be a problem with my secret key's
> > disclosure?
> > 
> > Just an off-line attack, if swap is not encrypted.
> Swap must be encrypted. Works nicely on Fedora, one boot partition and a
> big encrypted dm0 device with several LVM partitions on top of it.

Well, if you are not asked for the swap encryption key on
wakeup, basically everything is open. That would be a rather 
obvious implementation error though.

If you get asked, then it depends on the implementation, but
they do have the right idea.

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
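
Added example, not part of the original thread or of any dm-crypt tooling: a shell check of the requirement stated above, that every active swap area (and so any hibernation image) sits on a dm-crypt mapping, including swap on LVM on top of an encrypted device. It assumes mappings were created by cryptsetup (dm UUID prefix "CRYPT-"); `SYSFS`, `SWAPS`, `is_encrypted` and `audit_swaps` are names chosen for this example, and it cannot tell whether the key is actually requested at resume.

```shell
#!/bin/sh
# Added example (not from the thread): report whether each active swap area
# sits on a dm-crypt mapping, so a hibernation image would not hit the disk
# in the clear. SYSFS and SWAPS are this example's own override variables.
SYSFS="${SYSFS:-/sys}"
SWAPS="${SWAPS:-/proc/swaps}"

# is_encrypted <kernel block name, e.g. dm-1 or sda2>
# True if the device, or any device below it in the device-mapper stack
# (e.g. the dm-crypt volume under an LVM swap LV), has a dm UUID starting
# with "CRYPT-", the prefix cryptsetup gives its mappings. Mappings created
# by hand with dmsetup and no such UUID are not recognised (assumption).
# The body is a subshell so the recursion keeps its own variables.
is_encrypted() (
    dev=$1
    uuid_file="$SYSFS/class/block/$dev/dm/uuid"
    if [ -r "$uuid_file" ]; then
        case "$(cat "$uuid_file")" in CRYPT-*) exit 0 ;; esac
    fi
    for slave in "$SYSFS/class/block/$dev/slaves"/*; do
        [ -e "$slave" ] || continue        # unmatched glob: no slaves
        is_encrypted "$(basename "$slave")" && exit 0
    done
    exit 1
)

# audit_swaps: one line per swap area; returns non-zero if any area is not
# confirmed to be on dm-crypt. Swap files are flagged, not resolved.
audit_swaps() {
    rc=0
    {
        read -r _header || true            # skip the /proc/swaps header
        while read -r path type _rest; do
            if [ "$type" != partition ]; then
                echo "$path: UNCHECKED (swap file)"; rc=1
            elif is_encrypted "$(basename "$(readlink -f "$path")")"; then
                echo "$path: encrypted"
            else
                echo "$path: PLAINTEXT"; rc=1
            fi
        done
    } < "$SWAPS"
    return "$rc"
}
```

Source the file and call `audit_swaps` on the running system; a non-zero return means at least one swap area could receive a hibernation image unencrypted.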
