Re: Paranoia is fun [Was Re: -nice tree [was Re: [Swsusp-devel] Re: swsusp problems [was Re: Your opinion on the merge?]]]
Date: Sat Mar 27 2004 - 16:44:48 EST
On Saturday 27 March 2004 09:01 pm, Michael Frank wrote:
> ... so one really would not want to put the key there.
> Each and every shortcut is unsafe as it somwhere has to store the
> full key and could be reverse engineered and broken "easily"
> relative to breaking the key.
If the key is based on hardware details that only root can obtain, it would
require at least having the time to boot the victim computer into another OS
to create the key. If the key is also dependant on details of the running
kernel, it could be even harder to crack it.
Password-based encryption might be wanted for certain cases, but I think most
cases would do fine to prevent the image from being used for anything except
restoring on the original system. That way, it would be significantly more
difficult for someone to gain access to the memory that could be used for
other encrypted things (such as GPG key generation).
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/