Comments on: Advanced Encryption Options Land in the YaST Partitioner Blogs and Ramblings of the openSUSE Members Fri, 06 Mar 2020 17:50:09 +0000 hourly 1 By: Yast Team Wed, 09 Oct 2019 12:08:24 +0000 For more details about using a volatile protected key for swap encryption, you can check this document

And about the label, your are right. “Encryption with Volatile Random Key” would be more correct. We will change it. Thanks for the feedback!

By: cjk Wed, 09 Oct 2019 10:58:37 +0000 >s390 systems offering that technology, the swap can be encrypted on every boot using a volatile protected AES key, which offers an extra level of security compared to regular encryption using data from /dev/urandom.

swap-with-random-key already implies a volatile key, at least if I am using the “swap” definition of crypttab(5), and I hope yast does too. So the “protected AES” key has no value over a random volume key, except that it is encrypted again(?) somewhere(?) with AES(?) for what benefit? The explanation is severly lacking, the more so the dropdown box.

At the very least, it should be “Encryption with volatile random key” in the text, because the encryption is not volatile (the data is basically still there after a reboot), but the keys are (gone after a reboot).