From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: me.kalin@gmail.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 54439145 for ; Thu, 8 Dec 2016 02:07:26 +0000 (UTC) Received: from mail-yw0-f178.google.com (mail-yw0-f178.google.com [209.85.161.178]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 11133aaa for ; Thu, 8 Dec 2016 02:07:26 +0000 (UTC) Received: by mail-yw0-f178.google.com with SMTP id a10so310749140ywa.3 for ; Wed, 07 Dec 2016 18:12:55 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <87d1h3jszm.fsf@alice.fifthhorseman.net> References: <87d1h3jszm.fsf@alice.fifthhorseman.net> From: Kalin KOZHUHAROV Date: Thu, 8 Dec 2016 11:12:34 +0900 Message-ID: Subject: Re: Ephemeral key lifetime & system sleep To: Daniel Kahn Gillmor Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , On Thu, Dec 8, 2016 at 7:04 AM, Daniel Kahn Gillmor wrote: > I think scrubbing the ephemeral keys prior to suspend is the right thing > to do. It's simpler to reason about, sounds straightforward to > implement, the usability cost isn't that great, and it's likely to be > the right thing in almost all long-term suspend cases. > +1 I never use suspend, except when I need to hack some suspect hardware (forensics), or ATA SECURITY ERASE a "frozen" drive (anti-forensics). kill_on_suspend is better, given that it will be auto re-established on resume. Kalin.