[dm-crypt] luksSuspend

Navix navix77 at gmail.com
Thu Jan 27 09:35:26 CET 2011


I have an alarm system that runs a script and I'm looking for the quickest
method to clear the encryption keys from the RAM to prevent cold boot
attacks. The server has two RAID 0 arrays assume "ARRAY0" is the boot drive
that is encrypted and contains Ubuntu 10.04, the cryptsetup binary is on
this array. The other array "ARRAY1" is a storage array that is also
encrypted. Will running the commands below clear the encryption keys from
the RAM even tough the cryptsetup binary is on the encrypted array that will
be suspended and is there a better method for doing this? Also do these
commands clear the write buffer for the hard drive or could some data be
lost?

cryptsetup luksSuspend ARRAY1
cryptsetup luksSuspend ARRAY0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20110127/e2290148/attachment.html>


More information about the dm-crypt mailing list