Comments on: Advanced Encryption Options Land in the YaST Partitioner
https://lizards.opensuse.org/2019/10/09/advanced-encryption-yast/
Blogs and Ramblings of the openSUSE Members
Fri, 06 Mar 2020 17:50:09 +0000

By: Yast Team
https://lizards.opensuse.org/2019/10/09/advanced-encryption-yast/#comment-17133
Wed, 09 Oct 2019 12:08:24 +0000

For more details about using a volatile protected key for swap encryption, you can check this document https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.lxdc/lxdc_swapdisks.html

And about the label, you are right. “Encryption with Volatile Random Key” would be more correct. We will change it. Thanks for the feedback!

By: cjk
https://lizards.opensuse.org/2019/10/09/advanced-encryption-yast/#comment-17132
Wed, 09 Oct 2019 10:58:37 +0000

>s390 systems offering that technology, the swap can be encrypted on every boot using a volatile protected AES key, which offers an extra level of security compared to regular encryption using data from /dev/urandom.

swap-with-random-key already implies a volatile key, at least if I am using the “swap” definition of crypttab(5), and I hope yast does too. So the “protected AES” key has no value over a random volume key, except that it is encrypted again(?) somewhere(?) with AES(?) for what benefit? The explanation is severely lacking, the more so the dropdown box.

At the very least, it should be “Encryption with volatile random key” in the text, because the encryption is not volatile (the data is basically still there after a reboot), but the keys are (gone after a reboot).
