Hibernate mode can be made to be very secure, given that your resume device (ie swap device) is encrypted. You will be asked for the pre-boot passphrase after resuming from hibernation. I've tried it, and it works. Not susceptible to cold boot attacks either (well, not after the first minute or so).
Sleep mode is less secure; it does not dump its memory to swap when it goes to sleep. It can be made secure up to a point, in that you can require a password to unlock after resuming. However sleep mode is susceptible to cold boot attacks. Someone with physical access to the machine can find the key and get to your data.
So as a rule of thumb, providing your resume device (usually your swap device) is encrypted and requires a pre-boot passphrase, and that passphrase is secure:
- Hibernating is quite secure
- Sleeping (suspend to RAM) is less secure
Note that home directory encryption, like that offered by eCryptfs (as used by Ubuntu) does not encrypt your swap device. Not all so-called 'disk encryption' does either.
Note: on Windows the terminology is different. Your resume device is a 'hibernation file' on Windows, and your swap device is a 'page file'. But the above still applies: if these are both encrypted then hibernation should be safe.
2Subjective, community wiki. – Xavierjazz – 2010-01-11T21:39:25.233
4If you've encrypted your harddrive and are putting your laptop into sleep without requiring a password on wake, you're wasting your time. It's like buying an expensive alarm system for your house and not arming it - you have to do it right for it to protect you. – Jared Harley – 2010-01-11T21:47:40.973
@Xavierjazz my "objective" answer is Full Hard Drive Encryption isn't 100% save (but what is?) but it IS useful. – Maciek Sawicki – 2010-01-11T21:58:14.603