Re: summary Re: encrypted swap

David Spreen (david@spreen.de)
Tue, 7 Aug 2001 23:39:21 +0200


On Tue, Aug 07, 2001 at 02:34:48PM -0700, Ted Unangst wrote:
> conclusion: if your data is that valuable, you will need a small army to
> protect it. don't bother encrypting swap, because guns are a better means
> of protection.

NAK. Of course I have the united states army in front of my notebook
to protect my pronsite passwds. But see, the army makes my notebook
an interesting target for data-thiefs, right? So I want encrypted swap
as an additional feature.
Okay stop kidding, of course crypted swap is no allround solution, but
a step to harden your security issues. I don't want to make you using
it, but I can think of people who would want to including myself.

> if your data is only semi-valuable, or private that you
> wouldn't want random others to read it, then swap encryption is good.
> it's a nice feature that some people might like to have. does it solve
> every problem? no. but the people in the edge cases are most likely very
> aware of the possibilities.

ACK.

> implementation paper:
> http://www.openbsd.org/papers/swapencrypt.ps

Thank you, this was what I meant when I wrote of some BSD :).

Okay, so I got some ideas how to implement, the kernel-related
thing with an automatic generated key and the kerneli-issue.

I tried to get kerneli working with swap some time ago and it didn't work.
Has the behavour changed? In the crypto HOWTO linked on kerneli.org is
still said that swap encryption doesn't work (but I don't know when the
last release was written).

so long & thanks for your suggestions...

David

-- 
  __          _              | David "netzwurm" Spreen      Kiel, Germany
 / _|___  ___| |__  __ _ _ _ | http://www.netzwurm.cc/      david@spreen.de
|  _/ _ \/ _ \ '_ \/ _` | '_|| gnupg key (on keyservers):   C8B6823A
|_| \___/\___/_.__/\__,_|_|  | CellPhone:                   +49 173 3874061

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/