Re: Encrypted swap, suspend, README, root encryption, potential weaknesses, NSA, dual-ciphers
Christian wrote:
> "man swapon" says: "If loop=/dev/loop? and encryption=AES128 options are
> present in /etc/fstab then swapon -a will set up loop devices using
> random keys..."
>
> I hope this is also true for encryption=AES256 ? Possibly you may want
> to add this to your great README.
Of course it works with encryption=AES256.
> Is there also a way to check that encrypted swap is working?
"cat /proc/swaps" command should show one or more lines starting with
/dev/loop string.
> And is it possible to suspend to disk with root encryption?
I don't recommend suspend when there are encryption keys in kernel RAM.
> Further, in your README, at example 7.6, 1-6), is it possible that you
> forgot to add "with exception that in step 2 you must copy aespipe to
> /boot/iso "?
aespipe needs to be in /boot not in /boot/iso
> In my second last e-mail answered by you, you didn't comment on my
> question (which I'm reformulating here and in the next paragraph) whether
> a non-patched gpg would represent a big weakness.
>
> In your README, you assign security level 1 to "gpg encrypted
> 'multi-key' key file and/or gpg public+private keys are stored on
> separate removable USB dongle that is not available to attacker." You
> also write that "if USB dongle and its key files are available to
> attacker, security level is equivalent to level 2." By which factor
> would you say that level 2 is less secure than level 1?
Human memorizable passphrase that protects the key file is the weakest part.
If attacker does not have that file, then it eliminates that weakness.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
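
The two checks discussed in the message above (loop= and encryption= options on swap entries in /etc/fstab, and /dev/loop lines in /proc/swaps) written as shell functions. This is an added example, not part of the original e-mail or of loop-AES; the function names and the sample device names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Both functions default to the live
# system files; pass another path to run them on saved or constructed input.

# Print active swap areas that are NOT on a loop device (per the reply above,
# encrypted swap shows up in /proc/swaps as lines starting with /dev/loop).
# Status: 0 = every swap area is on /dev/loop*, 1 = some are not, 2 = no swap.
plain_swaps() {
    awk 'NR > 1 && NF { n++; if ($1 !~ /^\/dev\/loop/) { print $1; bad++ } }
         END { if (!n) exit 2; exit (bad ? 1 : 0) }' "${1:-/proc/swaps}"
}

# Print fstab swap entries whose options lack loop=/dev/loopN or
# encryption=AES<bits>, the two options the quoted swapon man page text
# requires before "swapon -a" sets up a random-key loop device.
# Status: 0 = all swap entries carry both options, 1 = some do not.
unkeyed_fstab_swaps() {
    awk '$1 !~ /^#/ && $3 == "swap" {
             if ($4 !~ /(^|,)loop=\/dev\/loop[0-9]+(,|$)/ ||
                 $4 !~ /(^|,)encryption=AES[0-9]+(,|$)/) { print $1; bad++ }
         }
         END { exit (bad ? 1 : 0) }' "${1:-/etc/fstab}"
}

# Run both checks on constructed sample files (device names are made up).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/loop6 partition 1048568 0 -1' \
        '/dev/sda3 partition 524280 0 -2' > "$d/swaps"
    printf '%s\n' \
        '/dev/sda2 none swap sw,loop=/dev/loop6,encryption=AES256 0 0' \
        '/dev/sda3 none swap sw 0 0' > "$d/fstab"
    echo "active swap not on a loop device:"
    plain_swaps "$d/swaps" || :
    echo "fstab swap entries without loop=/encryption=:"
    unkeyed_fstab_swaps "$d/fstab" || :
    rm -rf "$d"
}
```

Calling `plain_swaps` and `unkeyed_fstab_swaps` with no argument checks the running system; `demo` prints `/dev/sda3` for both checks on the constructed samples.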