Hacker News

IngoBlechschmid today at 4:21 PM

Yes, if you simply suspend your laptop on most stock Linux distributions, then everything including the master key is still kept in memory. But Debian pioneered the (optional) cryptsetup-suspend addon. This issues a luksSuspend command which is supposed to wipe the key from memory, and on resume asks you to resupply your passphrase.

Up to kernel 6.8, this worked as described; starting with kernel 6.9, it silently didn't.


Replies

Groxx today at 6:53 PM

I've been wondering why hibernate didn't work with encryption, because this seems like the extremely obvious way to handle it, but I have struggled to find anything about it for years - glad to hear it does exist!

But yeah, also rather obviously it's inherently a bit leak-prone. Though it seems probably pretty simple to test, just hibernate and scan all stored data. They could probably even do it on shutdown, as a hash of the key data would be sufficient to detect the key.
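
The check described in the comment above (scan stored data, matching only on a hash of the key) can be sketched as follows. This is an added example, not part of the thread or of cryptsetup; the 64-byte key length, the use of SHA-256, and the constructed "dump" contents are assumptions for illustration.

```python
import hashlib
import io

KEY_LEN = 64  # assumption: 512-bit volume key

def scan_for_key(stream, key_digest, key_len=KEY_LEN, chunk_size=1 << 20, step=1):
    """Return absolute offsets whose key_len-byte window hashes to key_digest.

    Only the digest is needed, so the scanner never has to hold the key itself.
    """
    hits, buf, base = [], b"", 0   # base = absolute offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return hits
        buf += chunk
        start = (-base) % step     # first index at an aligned absolute offset
        for i in range(start, len(buf) - key_len + 1, step):
            if hashlib.sha256(buf[i:i + key_len]).digest() == key_digest:
                hits.append(base + i)
        # Keep the last key_len - 1 bytes so a key straddling two chunks is found.
        keep = min(len(buf), key_len - 1)
        base += len(buf) - keep
        buf = buf[len(buf) - keep:]

def filler(n, seed):
    """Deterministic pseudo-random bytes standing in for unrelated memory."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

# Constructed sample data: a fake key and two fake dumps (key left vs. key zeroed).
CONSTRUCTED_KEY = filler(KEY_LEN, b"constructed-volume-key")
KEY_DIGEST = hashlib.sha256(CONSTRUCTED_KEY).digest()
LEAKY = filler(4070, b"ram-a") + CONSTRUCTED_KEY + filler(3000, b"ram-b")
WIPED = filler(4070, b"ram-a") + bytes(KEY_LEN) + filler(3000, b"ram-b")

def demo():
    # chunk_size=4096 puts the key (offset 4070) across a chunk boundary.
    leaky = scan_for_key(io.BytesIO(LEAKY), KEY_DIGEST, chunk_size=4096)
    wiped = scan_for_key(io.BytesIO(WIPED), KEY_DIGEST, chunk_size=4096)
    return leaky, wiped

if __name__ == "__main__":
    print(demo())
```

A clean result only shows that the key is absent in this exact byte form; derived material such as an expanded cipher key schedule would not match the digest.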

herywort today at 4:54 PM

So you would still be asked for a passphrase, even though it's already available?

naturalmovement today at 4:27 PM

FYI: VeraCrypt is not the de facto encryption software for Windows.
