Ephemeral key lifetime & system sleep

Kalin KOZHUHAROV me.kalin at gmail.com
Thu Dec 8 03:12:34 CET 2016


On Thu, Dec 8, 2016 at 7:04 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> I think scrubbing the ephemeral keys prior to suspend is the right thing
> to do.  It's simpler to reason about, sounds straightforward to
> implement, the usability cost isn't that great, and it's likely to be
> the right thing in almost all long-term suspend cases.
>
+1

I never use suspend, except when I need to hack some suspect hardware
(forensics), or ATA SECURITY ERASE a "frozen" drive (anti-forensics).
kill_on_suspend is better, given that it will be auto re-established on resume.

Kalin.

