Re: Encrypted Swap

Dr. Kelsey Hudson (kernel@blackhole.compendium-tech.com)
Tue, 7 Aug 2001 19:13:50 -0700 (PDT)


On 7 Aug 2001, Brian May wrote:

> Example: disk is faulty and will no longer work. How do you guarantee
> that nobody will be able to read it after you toss it out OR return it
> to the manufacturer to claim for warranty?

Most people paranoid with security (US DOD, NSA, etc.) have protocol
regarding disks with classified data on them: Once classified, always
classified. A failed disk still under warranty must forfeit that warranty
to ensure data integrity. If the disk is no longer useful (e.g. that 575MB
disk out of the SPARCstation 2 in the corner) then it is to be destroyed
with fire and the remains slagged.

> (of course, encrypting swap space is only part of the solution, here
> you need to encrypt everything).

Encrypting everything is what DISA decided they would do with the DII COE
operating environment for Windows NT and Solaris. DISA's solution under NT
was to zero the swapfile at system shutdown as well as use an encryption
scheme similar to what has been referred to earlier in this thread. The
solution under Solaris was to do encryption only. I'm not going to go into
detail about it, but basically, everything but the filesystems on-disk
have been encrypted. DII COE is not available for public consumption as
well as export outside the US. Besides, I pity anyone who's forced to use
it. It really is a miserable thing to be forced to use.

Kelsey Hudson khudson@ctica.com
Software Engineer
Compendium Technologies, Inc (619) 725-0771
---------------------------------------------------------------------------
