Re: summary Re: encrypted swap

Ben Ford (ben@kalifornia.com)
Tue, 07 Aug 2001 20:30:09 -0700


David Wagner wrote:

>You missed some scenarios. Suppose I run a server that uses crypto.
>If swap is unencrypted, all the session keys for the past year might
>be lying around on swap. If swap is encrypted, only the session keys
>since the last boot are accessible, at most. Therefore, using encrypted
>swap clearly reduces the impact of a compromise of your machine (whether
>through theft or through penetration). This is a good property.
>
Wiping swap on boot will achieve the same effect.

-b

-- 
Please note - If you do not have the same beliefs as we do, you are
going to burn in Hell forever.
