Since Linux 6.9, LUKS suspend stopped wiping disk-encryption keys from memory(mathstodon.xyz)
497 points by IngoBlechschmid 21 hours ago | 209 comments
tl;dr: Summary not available
HN Discussion:
  • Title is clickbait since luksSuspend is a Debian-specific extension, not officially supported kernel feature
  • Explains the technical context of why keys remain in RAM during suspend but not hibernate
  • This regression matters because silent security bugs don't announce themselves
  • ~Hibernating to disk is a better protection than relying on LUKS suspend key wiping
  • Recurring critical C bugs suggest systemic issues with large open source C codebases