Paranoia is fun [Was Re: -nice tree [was Re: [Swsusp-devel] Re: swsusp problems [was Re: Your opinion on the merge?]]]
From: Michael Frank
Date: Sat Mar 27 2004 - 16:08:53 EST
This thread mutates fast :)
On Sat, 27 Mar 2004 20:03:35 +0000, Luke-Jr <luke-jr@xxxxxxxxxxx> wrote:
On Saturday 27 March 2004 07:50 pm, Micha Feigin wrote:
If the key is given at resume command line and this is properlyThe resume command line is usually stored on the same disk as the image in a
forgotten when the resumed kernel kicks in then a user key will also
probably be ok.
... so one really would not want to put the key there.
Each and every shortcut is unsafe as it somwhere has to store the
full key and could be reverse engineered and broken "easily"
relative to breaking the key.
Guess Micha meant to edit the resume command line prior to
boot, which would work at this time.
The only "safe" way is to enter the key when prompted
For references Google for cryptoswap, loop-aes, cryptoapi
Also resuming kernel md5 checksum should flow into the key to
prevent some schlaphut replacing the kernel. (I know that
it would be hard to make addresses match, but still easier
than breaking the key). So, this is really important.
It was discussed to pass the resume command line on to the
resumed kernel for config, in which case the key should be
stripped prior to doing so.
I say "safe" because it is safe only as long as noone can observe
key entry or touch the machine to install a (keyboard) bug...
BTW, When did we look last into our keyboards and are we
sure there are no spare chips (bugs) planted in our machines ;)
Well, perhaps we need linux computers implanted into our teeth
so that we can be "more" safe. The key could be transmitted
by tongue using (morse) code however (unauthorized) third party
objects must be prevented from entering the mouth to prevent spying.
Well, should I mention what could be hidden _on_ those bloody chips.
Have a nice day.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/