Comment by akerl_
4 hours ago
The reason this bug is unexpected is that the user is expecting to have to enter their password (because they expect the key to be wiped on suspend), and then _they are_ asked for their password. But there was a copy of the key elsewhere in kernel memory that was never cleared.
Ah, my bad. Yes, if the user was being presented with the prompt on wake, I see the problem.
I have never had that setup so I was confused.