>11/06/2011 05:52, Christian Jaeger wrote: [trim] >> You can use decrypt_derived or random key for the swap >> partition for instance, > > I'm doing that on two other machines, but IIRC this isn't compatible > with s2disk, which I might want to use on the netbook.
decrypt_derived is compatible with suspend to disk. Use the right script (/lib/cryptsetup/scripts/decrypt_derived) and fill in /etc/initramfs-tools/conf.d/resume. Update initramfs. But in my experience it takes longer to wake up from disk than to reboot, and you have to type the pass-phrase once anyway. If you consider that suspend is barely working in Linux, I don't know if it's worth it. [trim] >> Or store the key on a different media >> plugged-in at boot time > > Yeah, I'm still sometimes thinking about such solutions, also for > normal login; but USB port connectors would be worn out rather quickly > I guess, and still less convenient than typing a password. [trim] You could also store key-files on the first decrypted partition (/root), if you don't care about the luks setup being vulnerable while running that would reduce the password typing. > Christian. > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4df32328.9010...@googlemail.com
