On 23/12/11 01:00, Gozu-san wrote:
Using encrypted LVM, swap (everything except boot) is encrypted. Still, amnesia requires shutting down the host. If total amnesia is important, you can turn off swap, write zeros to it, and then turn it back on again.
I use encrypted LVM on my laptop. I disabled swap altogether. I placed the boot partition and boot loader on a separate USB stick which I keep on my person at all times. The full disk encryption uses a key file rather than a password. The key file lives on the USB stick, protected using GnuPG's symmetric encryption option.

I also patched my Linux kernel with something called TRESOR to prevent the full disk encryption key living in RAM, to help defend against cold boot attacks.

I wrote it all up here: https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attac...

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
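The swap wipe suggested in the quoted text at the top of this message (turn swap off, write zeros to it, turn it back on), as an added example that is not part of the original thread. The function names, the `DRY_RUN` switch and the script name `wipe-swap.sh` are assumptions made for illustration; it also re-runs `mkswap`, because zeroing the partition erases the swap signature that `swapon` needs.

```shell
#!/bin/sh
# Added example: zero each active swap partition, then re-create and re-enable it.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 runs them (root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Print active swap partitions from a /proc/swaps-format file.
# Swap files are skipped: an unbounded dd onto a file would grow it.
list_swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1 }' "${1:-/proc/swaps}"
}

wipe_swap() {
    dev="$1"
    # Zeroing destroys the swap signature and UUID, so remember the UUID
    # for mkswap; otherwise a UUID= entry in /etc/fstab stops matching.
    if [ "$DRY_RUN" = 1 ]; then
        uuid="<saved-uuid>"
    else
        uuid=$(blkid -s UUID -o value "$dev") || uuid=""
    fi
    # swapoff pages everything back into RAM and fails if it does not fit.
    run swapoff "$dev" || return 1
    # dd ends with "No space left on device" once the partition is full;
    # that non-zero exit is expected here.
    run dd if=/dev/zero of="$dev" bs=1M conv=fsync || true
    if [ -n "$uuid" ]; then
        run mkswap -U "$uuid" "$dev" || return 1
    else
        run mkswap "$dev" || return 1
    fi
    run swapon "$dev"
}

wipe_all_swaps() {
    for d in $(list_swap_partitions "${1:-/proc/swaps}"); do
        wipe_swap "$d" || return 1
    done
}

# Run as: sh wipe-swap.sh --all   (hypothetical file name; DRY_RUN=0 to really wipe)
if [ "${1:-}" = "--all" ]; then wipe_all_swaps; fi
```

With encrypted LVM the swap logical volume appears in `/proc/swaps` as a `partition` entry such as `/dev/dm-1`, so the same path is taken.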