>You don't. Swap is only good for one power-cycle anyway, regardless of
>encryption. As such, the legitimate user won't ever need to regenerate the
>key. Since black hat can't root, they can't get the key (assuming physical
>security is OK), and after reboot they can't recover the contents of the swap
>space because it is encrypted. So even if they nick the machine/drive/whatever
>they can't get the swap contents after the power has been cycled and the key
>lost.
>
Until someone figures out how to dump the key to disk.
-- Please note - If you do not have the same beliefs as we do, you are going to burn in Hell forever.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/