Re: summary Re: encrypted swap

Ted Unangst (tedu@stanford.edu)
Tue, 7 Aug 2001 22:37:39 -0700 (PDT)


> David Wagner wrote:
>
> >You missed some scenarios. Suppose I run a server that uses crypto.

oh, there's lots of scenarios. :) i am definitely in the camp that says
encrypted swap is good, though. and that was a good one.

On Wed, 8 Aug 2001, Ben Ford wrote:

> Wiping swap on boot will achieve the same effect.

1. takes far longer. encrypting swap is not a substantial operation.
wiping is. you'd have to wipe all 0's, then a 1010 pattern, then all 1's
to get decent security. (encryption is spread out over time - done
incrementally. wiping must be done all at once.)

2. anyone stealing a disk to get data out of it sure as hell isn't going
to boot it up and run your init scripts.

--
"People blame me because these water mains break, but I ask you,
if the water mains didn't break, would it be my responsibility to
fix them then? WOULD IT!?!"
      - M. Barry, Mayor of Washington, DC

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/