Yes, we have no hibernate today

Henry Hertz Hobbit hhhobbit at securemecca.com
Mon Jun 28 14:04:43 MDT 2010


If you are asked for your pass-phrase for the encrypted disk
that may be just fine.  My previous comment was not worded properly.
What I was concerned about is somebody using either Hibernate
or Suspend with no disk encryption at all.   But whether you use
disk encryption or not you still bypass the login. At least
with full disk encryption you are asked for the disk encryption
password. If you are happy with just the disk encryption password
prompt so am I, UNLESS it contains MY sensitive data.  If it has
my medical or other sensitive data on it then I would be far
happier that you not only used full disk encryption but that
you also just shut it down rather than doing a hibernate
or a suspend.

If you are having no problems with an encrypted SWAP I also
see no problems other than the performance issues.  If you
can live with those ... so can I.  It is whatever makes you
happy.  All I know is that until I used Hibernate I had
never seen anything in my SWAP other than garbage.

My major concern with stolen laptops from a medium
security facility is that somebody should not be using
Hibernate / Suspend without that disk encryption with password
prompt at a minimum.  I suspect a LOT of laptop owners
(Linux, Macintosh, and Windows) are doing exactly that
though - using their laptops with no disk encryption at all.
Then they leave them on their desk at work while they go to
lunch, in their car, and in other insecure places thinking
that they will be okay with them put into hibernate / suspend
mode.  I don't think they will be okay. There are too many
horror stories of escaped highly sensitive data on laptops
not using ANY encryption much less full disk encryption to
not issue some sort of warning that hibernate / suspend is
a security risk, albeit lessened if you use disk encryption.

HHH

