Message-ID: <68b1e2610710041128w3d1ced47i49cb4671111dc55f@mail.gmail.com>
Date: Thu, 4 Oct 2007 20:28:37 +0200
From: "Liviu Andronic"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
In-Reply-To: <200710041949.27911.volker.armin.hemmann@tu-clausthal.de>

On 10/4/07, Volker Armin Hemmann wrote:
> > Considering that swap is encrypted, is it realistic for this "lost"
> > RAM data to be recovered? Again, take the case of a well funded
> > organization.
>
> that depends on the encryption. Some algorithms are easy to break. Some are
> not, some will be broken as soon as we get quantum-computers ;)

I'm basing myself mainly on:
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS#Encrypting_swap_for_installation
and
http://en.wikipedia.org/wiki/AES_process#Rounds_one_and_two
for the cipher's choice, and for the method used on:
http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml

I have settled down to the following:
-c blowfish -h sha256
for swap and
-c serpent -h sha256
for the sensitive data partitions (/home, etc.).
in combination with a "strong" password. How encrypted does this sound? For today, at least..

--
gentoo-user@gentoo.org mailing list