also this had better be a configuration option. I don't want to wait for
2g of swap space to be wiped when I boot by webserver (which defeates my
previous requirement)
David Lang
On Tue, 7 Aug 2001, Ben Ford wrote:
> Date: Tue, 07 Aug 2001 20:30:09 -0700
> From: Ben Ford <ben@kalifornia.com>
> To: David Wagner <daw@mozart.cs.berkeley.edu>
> Cc: linux-kernel@vger.kernel.org
> Subject: Re: summary Re: encrypted swap
>
> David Wagner wrote:
>
> >You missed some scenarios. Suppose I run a server that uses crypto.
> >If swap is unencrypted, all the session keys for the past year might
> >be laying around on swap. If swap is encrypted, only the session keys
> >since the last boot are accessible, at most. Therefore, using encrypted
> >swap clearly reduces the impact of a compromise of your machine (whether
> >through theft or through penetration). This is a good property.
> >
> Wiping swap on boot will achieve the same effect.
>
> -b
>
> --
> Please note - If you do not have the same beliefs as we do, you are
> going to burn in Hell forever.
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/