|
|
Subscribe / Log in / New account

Hibernation in the cloud

Hibernation in the cloud

Posted May 26, 2020 13:48 UTC (Tue) by mb (subscriber, #50428)
In reply to: Hibernation in the cloud by leromarinvit
Parent article: Hibernation in the cloud

>if I had anything really sensitive

I consider all my data sensitive, because whether something is sensitive depends on a lot of environmental circumstances, too. e.g. laws that I don't know of. And it might also change without my immediate knowledge.

So my default is encrypt everything. I actively decide whether information is non-sensitive on a case by case basis, rather than the other way around. That's much easier and much safer.

to post comments

Hibernation in the cloud

Posted May 26, 2020 14:28 UTC (Tue) by leromarinvit (subscriber, #56850) [Link] (3 responses)

Encrypting everything by default is certailny a good idea, I do that too. Hibernation (to an encrypted disk) is of course a good way to protect the state of a running system while at rest, and I've used it as such in the past.

But treating my vacation photos like I'm the next Snowden on my way to a safe place to leak a huge cache of data seems a little inconvenient. Like I said, if that were the case, I wouldn't try to bring this data along with me. But for more mundane things, an encrypted drive (whether the laptop is hibernated or turned off) seems good enough for me.

And for taking my laptop around in my backpack, the convenience of STR is hard to beat - even if I do give up a little security for that convenience. Reading a few GB of data from an SSD is fast, but GRUB still takes several seconds to unlock a LUKS container for me. And if I mistype my (long) passphrase, it takes even longer to error out and then it won't let me try again, and I have to reboot - again taking several seconds just to get to the prompt.

Hibernation in the cloud

Posted May 26, 2020 17:18 UTC (Tue) by Wol (subscriber, #4433) [Link]

> But treating my vacation photos like I'm the next Snowden on my way to a safe place to leak a huge cache of data seems a little inconvenient.

https://www.rspb.org.uk/reserves-and-events/events-dates-...

Your holiday photos could be a treasure trove of information to any interested bystander. If an attacker knew you were in a location they were interested in.

Cheers,
Wol

Hibernation in the cloud

Posted May 26, 2020 18:43 UTC (Tue) by mb (subscriber, #50428) [Link] (1 responses)

>the convenience of STR is hard to beat

As I said, hibernation is not a replacement for STR.
I also use STR a lot, if I just want to conserve energy for a short time.

> And if I mistype my (long) passphrase, it takes even longer to error out and then it won't let me try again, and I have to reboot

That's just misconfigured then.
There's nothing wrong with allowing a couple of password attempts.

Hibernation in the cloud

Posted May 26, 2020 19:08 UTC (Tue) by leromarinvit (subscriber, #56850) [Link]

> That's just misconfigured then.
> There's nothing wrong with allowing a couple of password attempts.

I checked a few years ago when I set this up and back then, I didn't find any config option I could change to allow multiple attempts. Of course that's an implementation issue that's easily fixed, as is the slow unlock speed (cryptsetup is a lot faster) - though depending on what's causing the slowness, fixing it might not be as easy in a bootloader.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds