[dm-crypt] Dmcrypt and hibernate key disclosure

Arno Wagner arno at wagner.name
Tue Jan 11 10:11:48 CET 2011


On Tue, Jan 11, 2011 at 01:08:16AM +0100, Richard wrote:
> On Fri, Jan 07, 2011 at 09:40:09AM +0800, Aaron Lewis wrote:
> > Hi,
> > 	If i hibernate with an device opened , before i resume , an image was
> > written on swap partition , will there be a problem with my secret key's
> > disclosure ?
> > 
> > 	Just an off-line attack , if swap is not encrypted.
> 
> swap must be encrypted. Works nicely on Fedora, one boot partition and a
> big encrypted dm0 device with several LVM partitions on top of it.
> 

Well, if you are not asked for the swap encryption key on
wakeup, basically everything is open. That would be a rather 
obvious implementation error though.

If you get asked, then it depends on the implementation, but
they do have the right idea.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list