Re: Encrypted Swap

Garett Spencley (gspen@home.com)
Tue, 7 Aug 2001 01:12:28 -0400 (EDT)


> Hmmm, if you have PHYSICAL access to the machine, you can simply reboot and type
> "linux init=/bin/sh" and after it simply cat /etc/shadow and run John The Ripper....
> Am i wrong?

Yes. Generally speaking if you have physical access to a machine then you
have root.

Heck why bother trying to crack the passwords when you can just boot up
with a root disk and access any file on the hard drive that you want? If
you want to use the machine for malicious purposes while it's running then
just install a back door.

So as someone else earlier in the thread mentioned, any secure set up
would not allow non-root users to access swap while the machine's running.
And if you can get at the hard drive physically while the machine is not
running then why bother screwing with swap when you have root anyway?

However, writing this got me thinking: you could potentialy go
through swap if you're after keys for encrypted files...

-- 
Garett Spencley

I encourage you to encrypt e-mail sent to me using PGP My public key is available on PGP key servers (http://keyservers.net) Key fingerprint: 8062 1A46 9719 C929 578C BB4E 7799 EC1A AB12 D3B9

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/