Re: encrypted swap [was: The disappearing sys_call_table export.]

Jörn Engel (joern@wohnheim.fh-wedel.de)
Wed, 14 May 2003 17:57:27 +0200

On Wed, 14 May 2003 06:06:56 -0400, Ahmed Masud wrote:
> On Wed, 14 May 2003, Yoav Weiss wrote:
> > On Tue, 13 May 2003, Ahmed Masud wrote:
> >
> > Yes, it sounds like an interesting project. Check out openbsd's paper
> > about this: http://www.openbsd.org/papers/swapencrypt.ps
>
> Thank you for this paper, it is a fun read. I do think however that a
> few implementation differences should take place:
>
> 1. We should not enforce Rijndael as the only choice.
>
> 2. Every page should be encrypted iff it marked with some flag. This gives
> a generic enough hook to create a swap_encrypt_policy type function to
> determine whether it is desirable to encrypt a particular page or not.
>
> [...]

Just browsed across the white paper, but this doesn't make a lot of
sense to me.

1. Instead of cryptographic filesystems, you could just encrypt the
block device.
2. The only reason not to do so it security. An attacker could use
known-plaintext attacks, since some parts of the metadata can be
reconstructed or guessed easily.
3. Instead of encrypted swap, you could just encrypt the block device.
4. The only reason reason not to do so is what?

Sorry, beats me, I cannot see any reason. Is there a possible
known-plaintext attack possible, that is not obvious to everyone, at
least not to me?

Jörn

-- 
A defeated army first battles and then seeks victory.
-- Sun Tzu
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/