Tamir Daniely wrote:
From a technical perspective, reading RAM after a system shutdown or crash is definitely possible: the data is preserved for several minutes depending on the RAM technology, and the time during which the data can be accessed can be increased significantly by cooling or freezing the RAM itself.
Yes, this is a problem. It is possible to wipe the encryption key from memory when hibernation has finished, or generally before power-off, but I have no idea whether this is done in Linux. What poses a bigger problem is suspending: your RAM stays powered all the time and contains your encryption key. cryptsetup has (in its latest release candidate) gained a feature where you can "suspend" a volume by killing the encryption key and later "resume" it by re-entering the passphrase. I think it should even be possible to combine this with full-system encryption, using a chroot with a static cryptsetup and a minimal static shell, which would reside either in a tmpfs or on an unencrypted disk.
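The suspend/resume hook sketched in the reply above, written out as an added example (it is not code from the thread or from the cryptsetup project). It assumes the real `cryptsetup luksSuspend` / `cryptsetup luksResume` commands and `dmsetup ls --target crypt` to enumerate active dm-crypt mappings; the `pre`/`post` calling convention, the `TOOLDIR` location for static binaries and the retry count are this example's own assumptions. The point it adds to the prose is the failure mode: once a mapping is suspended, every read from it blocks, so the script, the shell and the tools it calls must not live on the suspended volume, and a mistyped passphrase must be retried rather than treated as fatal, or the machine is wedged.

```sh
#!/bin/sh
# Added example: a minimal pre-suspend / post-resume hook for dm-crypt volumes.
# Invoke as "luks-suspend.sh pre" before the machine sleeps and
# "luks-suspend.sh post" after it wakes (e.g. from a pm-utils or
# systemd-sleep hook; the argument names are an assumption of this example).
set -u

# Assumption: static sh, cryptsetup, dmsetup and awk have been copied here
# (a tmpfs), so that nothing below pages in from a volume we just suspended.
TOOLDIR=${TOOLDIR:-/run/luks-suspend}
PATH="$TOOLDIR:$PATH"

# Print the names of all active dm-crypt mappings, one per line.
crypt_mappings() {
    dmsetup ls --target crypt 2>/dev/null | awk '{print $1}'
}

# Suspend every mapping: luksSuspend freezes I/O on the device and wipes its
# key from kernel memory, which is exactly what we want before RAM stays
# powered through a suspend-to-RAM. Caveat: stacked mappings (e.g. LVM on
# LUKS) are not ordered here; suspend the upper layer first in that setup.
luks_suspend_all() {
    rc=0
    for m in $(crypt_mappings); do
        if cryptsetup luksSuspend "$m"; then
            printf 'suspended %s\n' "$m"
        else
            printf 'failed to suspend %s\n' "$m" >&2
            rc=1
        fi
    done
    return $rc
}

# Resume one mapping, re-prompting for the passphrase until it is accepted
# or the retry budget is exhausted. luksResume asks for the passphrase
# itself; a wrong one leaves the device suspended, so giving up early on a
# root volume means a hung system.
luks_resume() {
    name=$1
    tries=${2:-3}
    n=0
    while [ "$n" -lt "$tries" ]; do
        if cryptsetup luksResume "$name"; then
            printf 'resumed %s\n' "$name"
            return 0
        fi
        n=$((n + 1))
        printf 'wrong passphrase for %s (%s/%s)\n' "$name" "$n" "$tries" >&2
    done
    return 1
}

case "${1:-}" in
    pre)
        luks_suspend_all
        ;;
    post)
        for m in $(crypt_mappings); do
            luks_resume "$m" 3 || exit 1
        done
        ;;
esac
```

Because `post` runs `dmsetup`, `awk` and `cryptsetup` while the root mapping may still be suspended, the `TOOLDIR` copies have to be static binaries (or the whole thing runs inside a chroot on the tmpfs, as the reply suggests); a dynamically linked `cryptsetup` whose libraries live on the encrypted root would block on the first page fault.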