(If I'm repeating myself and you already knew this, I apologize.)
Scrubbing swap is a good idea, but it turns out it is much harder
to do right than you might think. In particular, data can survive
many erases, due to the physical properties of hard drives as well
as the properties of filesystems and hard drive caching.
It seems that the only way to have any assurance that you've reliably
deleted data is to ensure that it was only written in encrypted form
in the first place, and to securely erase the key when you're done
with the data and want to erase it.
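
An added illustration, not part of the original message: a small Python model of the approach described above, in which only ciphertext ever reaches the backing store and deletion means zeroing the key. The class and function names are hypothetical, the `disk` dict stands in for a swap device whose contents outlive erase attempts, and the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real cipher; Python also cannot guarantee the interpreter holds no other copies of the key.

```python
import hashlib
import hmac
import secrets

class EncryptedSwap:
    """Constructed model: `disk` keeps everything ever written to it."""

    def __init__(self):
        # Ephemeral key, held only in memory and never written to `disk`.
        self._key = bytearray(secrets.token_bytes(32))
        self.disk = {}  # slot -> (nonce, ciphertext, tag)

    def _keystream(self, nonce, length):
        out, counter = bytearray(), 0
        while len(out) < length:
            block = b"enc" + nonce + counter.to_bytes(8, "big")
            out += hmac.new(self._key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(out[:length])

    def _tag(self, nonce, ct):
        return hmac.new(self._key, b"mac" + nonce + ct, hashlib.sha256).digest()

    def write(self, slot, plaintext):
        nonce = secrets.token_bytes(16)  # fresh per write, so keystreams never repeat
        ks = self._keystream(nonce, len(plaintext))
        ct = bytes(a ^ b for a, b in zip(plaintext, ks))
        self.disk[slot] = (nonce, ct, self._tag(nonce, ct))

    def read(self, slot):
        nonce, ct, tag = self.disk[slot]
        if not hmac.compare_digest(tag, self._tag(nonce, ct)):
            raise ValueError("key erased or data modified")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

    def erase_key(self):
        # Overwrite the key in place; the ciphertext on `disk` is left untouched.
        for i in range(len(self._key)):
            self._key[i] = 0

SAMPLE = b"constructed sample page: passphrase=example"

def demo():
    swap = EncryptedSwap()
    swap.write(0, SAMPLE)
    before = swap.read(0)
    swap.erase_key()
    plaintext_on_disk = any(SAMPLE in ct for _, ct, _ in swap.disk.values())
    try:
        after = swap.read(0)
    except ValueError:
        after = None  # stale ciphertext survives but is no longer readable
    return before, plaintext_on_disk, after
```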