On Fri, 18 Feb 2011 16:54:57 -0500 Ted Unangst wrote:
> On Fri, Feb 18, 2011 at 3:35 PM, Joachim Schipper
> <joac...@joachimschipper.nl> wrote:
> > Actually, if one could specify an encryption password for the memory
> > written to disk, a stolen hibernating system would be less dangerous
> > than a running/ACPI-sleeping system because it's suddenly impossible to
> > get interesting data from the system memory. Interesting data like the
> > keys in ssh-agent or a softraid decryption key.
>
> Not really much difference between encrypting memory that's written to
> disk and memory that's just left in memory.
>
Unless the power is removed in between. Unfortunately, motherboards don't do that without intervention, but they should. I've seen one Abit board with a convenient switch, but that doesn't help on remote systems. In fact they seem to be getting more and more stupid, especially in BIOS access. I also have one system that won't let you hibernate two OSes at once and another system that wants you to reset the BIOS to detect a new hard disk, etc. Maybe the want for green systems will change keeping power to the RAM, but I doubt it; they'd need to distinguish between hibernate and standby at the lowest level or remove standby. A password or wipeable password file seem like good ideas to me, or the user can just decide whether to allow hibernate at all.