Pavel Machek wrote: > I'd like to retain ability to read suspend image in any order (so that > code can be reused for swap encryption, etc). > Pavel
This is not possible with cipher block chaining as used right now. One would have to use a non-random iv set needs to set for every page. And this leads to exactly the same problem why dm-crypt now offers the 'essiv' mode. I don't know if a random access feature is worth this effort as sequential disk access (sequential write, sequential read) is usally the fastest method anyway. For regular swap encryption I do hope that the initrd feature of swsup2 will eventually find its way into the mainline kernel. This way you can have an external key for dm-crypt to access the encrypted swap partition. dm-crypt thus would guard the system during suspend/poweroff while the encrypted suspend image guards against data gathering after resume/reboot (the latter when mkswap is used). -- Andreas Steinmetz SPAMmers use [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
