[arch-general] Full system encryption with support for hibernation
Cedric Staniewski
cedric at gmx.ca
Sun Oct 25 11:54:24 EDT 2009
Karol Babioch wrote:
> Hi,
>
> On So, 2009-10-25 at 11:27 -0400, Daenyth Blank wrote:
>> Could you put the key on a usb drive so that the drive is required to
>> unlock the partitions?
>
> thank you very much for your reply. However I don't like the idea to
> store my key(s) on an usb drive. First of all if my laptop really gets
> stolen (or I loose it :o), the usb drive certainly would be attached,
> making the whole encryption stuff unnecessary. Secondly I don't want to
> worry whether I have my usb drive with me or not, because without the
> usb drive my laptop is quite useless.
>
> I like the idea of having a pass-phrase, and I would like to stay with
> this approach.
>
I think a lvm is the best solution, but I do not use it either currently (because I'm too lazy to set it up :) ). Therefore, I use the same passphrase for swap and root (it would also be possible to use different ones, but then you have to enter two passphrases), and patched the mkinitcpio encrypt hook to decrypt them both at boot.
More information about the arch-general
mailing list