[all variants] How To LUKS Swap With No Passphrase?


Nullack
June 26th, 2008, 09:59 AM
So I have the alternate install method for luks encryption of my swap and /home partitions.

The installer did not let me put no passphrase for the swap. Like in OpenSuse, where if you don't have one, it dumps any existing data and randomly creates its own for that session.

How do I do this in Ubuntu?

I want to keep my /home as it is, this is only for swap.

Thanks

hyper_ch
June 26th, 2008, 02:36 PM
well, why should you want to enter a password for swap? Swap is temporary memory...

have a look at your /etc/crypttab file. It should have an entry like:


swap /dev/disk/by-uuid/43c8e91d-06d4-4984-9e0f-5d521fe7daa4 /dev/urandom swap

this means it will generate a random encryption key upon every start... however I don't know how this behaves with hibernation... you may need to change it then and create a real password encrypted partition.

Nullack
June 26th, 2008, 03:18 PM
Thanks, I'll try it. The installer wouldn't let me put no passphrase for swap so I had to put one in for install

hyper_ch
June 26th, 2008, 03:20 PM
well, is there a problem if you have no password for swap?

Nullack
June 26th, 2008, 11:02 PM
No, that's what I want. I think you misunderstand :) Simply, the installer wouldn't let me have a random passphrase for swap. Thanks for the instructions on how to do this manually.

Nullack
June 26th, 2008, 11:47 PM
well, why should you want to enter a password for swap? Swap is temporary memory...

have a look at your /etc/crypttab file. It should have an entry like:


swap /dev/disk/by-uuid/43c8e91d-06d4-4984-9e0f-5d521fe7daa4 /dev/urandom swap

this means it will generate a random encryption key upon every start... however I don't know how this behaves with hibernation... you may need to change it then and create a real password encrypted partition.

Unfortunately this doesn't work. On boot the system says that Luks does not work with random data as the key and now swap is disabled.

hyper_ch
June 27th, 2008, 02:25 AM
(1) why do you want a password for swap?

(2) well, it's not luks but dm_crypt that works with random data... works perfectly fine on me... of course you'll have to adjust the device that runs it and probably also alter the fstab - but it works ;)

Nullack
June 27th, 2008, 03:38 AM
1. Information can leak into swap that provides a threat vector for securing machines. It's low risk but my system doesn't use swap much so the overhead to crypt isn't a big deal.

2. Can I please have instructions on how to get it working? i.e. Swap with random passphrase on each boot automatically

hyper_ch
June 27th, 2008, 06:02 AM
2. Can I please have instructions on how to get it working? i.e. Swap with random passphrase on each boot automatically

See the way I have crypttab set up... that will create a random password every time generated by /dev/urandom

Nullack
June 27th, 2008, 07:58 AM
Yes I have done that as I said previously. The problem then as I reported is that Luks won't accept it and the machine boots with no swap.

hyper_ch
June 27th, 2008, 09:36 AM
then you did something wrong and you don't give any clue about your setup...

Nullack
June 27th, 2008, 12:37 PM
Thanks :) Got it sorted now. I checked my crypttab and even though I had the /dev/urandom in it I still had luks, swap when I should only have swap. Now it works great with a random passphrase every boot! lovely, thanks again
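
The misconfiguration resolved in the last post (a /dev/urandom key combined with the luks option) can be caught before reboot with a small crypttab check. This is an added example, not part of the original thread; the sample entries and device paths are constructed, and the function names are hypothetical.

```python
import sys

RANDOM_KEYS = {"/dev/urandom", "/dev/random"}

# Constructed sample; device paths are placeholders, not taken from the thread.
SAMPLE = """\
# <target> <source device> <key file> <options>
home   /dev/sda3  none          luks
swap   /dev/sda5  /dev/urandom  luks,swap
swap2  /dev/sda6  /dev/urandom  cipher=aes-cbc-essiv:sha256,size=256,swap
swap3  /dev/sda7  /dev/urandom
"""


def parse_crypttab(text):
    """Yield (lineno, name, keyfile, options) for each non-comment entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        yield lineno, fields[0], keyfile, options


def lint(text):
    """Return (lineno, name, severity, message) for random-key entries."""
    findings = []
    for lineno, name, keyfile, options in parse_crypttab(text):
        if keyfile not in RANDOM_KEYS:
            continue
        if "luks" in options:
            findings.append((lineno, name, "error",
                             "random key with 'luks': a LUKS header needs a "
                             "persistent key; drop 'luks' for plain dm-crypt"))
        if "swap" not in options:
            findings.append((lineno, name, "warning",
                             "random key without 'swap': no mkswap is run, "
                             "so the mapping is not usable as swap"))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = lint(text)
    for lineno, name, severity, message in results:
        print(f"line {lineno}: {name}: {severity}: {message}")
    sys.exit(1 if any(r[2] == "error" for r in results) else 0)
```

Run it with the path to a crypttab file as the only argument; with no argument it checks the constructed sample.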