Re: summary Re: encrypted swap

David Wagner (daw@mozart.cs.berkeley.edu)
9 Aug 2001 00:19:51 GMT


David Ford wrote:
>You can't guarantee much if the machine is physically compromised.

You're missing the point. The point is not about crypto keys currently
in memory. The point is about crypto keys that were in memory five reboots
ago. If you use unencrypted swap, those keys might have been swapped out
and might still be lying around in swap somewhere even after five reboots.
Therefore, with unencrypted swap, compromise of a machine can compromise
crypto keys (and other sensitive data) going back a long way.

In contrast, if you use encrypted swap, compromise of your machine can
only compromise crypto keys (and other sensitive data) going back to your
last reboot. That's a big difference: encrypted swap cuts down the impact
of a penetration or other compromise of your machine. *This* is one of
the really compelling security motivations for encrypted swap.
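
Added example, not part of the message above and not code from the kernel or any distribution: a configuration audit that sorts each swap entry by how far back a compromise can reach, following the distinction the message draws. It assumes the modern /etc/fstab and /etc/crypttab formats, that encrypted swap is referenced in fstab as /dev/mapper/<name>, and that the sample file contents (device names, key path) are constructed.

```python
# Added example: classify fstab swap entries by how long their key lives.
EPHEMERAL_KEYS = {"/dev/urandom", "/dev/random"}

def parse_table(text):
    """Split fstab/crypttab text into field lists, skipping comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split())
    return rows

def audit_swap(fstab_text, crypttab_text):
    """Return {swap_device: verdict} for every swap entry in fstab."""
    crypt = {}
    for row in parse_table(crypttab_text):
        # crypttab fields: name, backing device, key file, options
        key = row[2] if len(row) > 2 else "none"
        opts = row[3].split(",") if len(row) > 3 else []
        crypt["/dev/mapper/" + row[0]] = (key, opts)
    verdicts = {}
    for row in parse_table(fstab_text):
        # fstab fields: device, mount point, type, options, dump, pass
        if len(row) < 3 or row[2] != "swap":
            continue
        dev = row[0]
        if dev not in crypt:
            # Old pages stay readable on disk across any number of reboots.
            verdicts[dev] = "plaintext"
        elif crypt[dev][0] in EPHEMERAL_KEYS and "swap" in crypt[dev][1]:
            # Fresh random key each boot: exposure ends at the last reboot.
            verdicts[dev] = "ephemeral-key"
        else:
            # Encrypted, but the key outlives a reboot, so old pages do too.
            verdicts[dev] = "persistent-key"
    return verdicts

# Constructed sample configuration (hypothetical devices and key path).
SAMPLE_FSTAB = """\
# <device>              <mount> <type> <options> <dump> <pass>
/dev/sda1               /       ext4   defaults  0 1
/dev/mapper/cryptswap   none    swap   sw        0 0
/dev/sda3               none    swap   sw        0 0
/dev/mapper/keyedswap   none    swap   sw        0 0
"""
SAMPLE_CRYPTTAB = """\
cryptswap /dev/sda2 /dev/urandom swap,cipher=aes-xts-plain64,size=256
keyedswap /dev/sda4 /etc/keys/swap.key luks
"""
```

Only the "ephemeral-key" verdict gives the property argued for above; a swap partition referenced by UUID or LABEL, or a swap file, is outside what this check recognises and is reported as plaintext.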