Encrypted swap, suspend, README, root encryption, potential weaknesses, NSA, dual-ciphers
Hello Jari (& list members),
"man swapon" says: "If loop=/dev/loop? and encryption=AES128 options are
present in /etc/fstab then swapon -a will set up loop devices using
random keys..."
I hope this is also true for encryption=AES256? Possibly you may want
to add this to your great README.
Is there also a way to check that encrypted swap is working? And is it
possible to suspend to disk with root encryption?
Further, in your README, at example 7.6, 1-6), is it possible that you
forgot to add "with exception that in step 2 you must copy aespipe to
/boot/iso"?
In my second last e-mail answered by you, you didn't comment on my
question (which I'm reformulating here and in the next paragraph) whether
a non-patched gpg would represent a big weakness.
In your README, you assign security level 1 to "gpg encrypted
'multi-key' key file and/or gpg public+private keys are stored on
separate removable USB dongle that is not available to attacker." You
also write that "if USB dongle and its key files are available to
attacker, security level is equivalent to level 2." By which factor
would you say that level 2 is less secure than level 1?
Anyway, as some say that the NSA is always about 10 years ahead of us,
what do you believe are the chances that they already found a way to
crack your crypto implementation?
Going even further - which ways do exist to set up dual-cipher encryption?
Many thanks,
Christian
P.S. I also want to thank Venkat for his answer.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/