Re: Encrypted Swap

Helge Hafting (helgehaf@idb.hist.no)
Tue, 07 Aug 2001 09:49:12 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Weinehall: "Re: Ongoing 2.4 VM suckage"
Previous message: Crutcher Dunnavant: "Re: Encrypted Swap"
Maybe in reply to: David Spreen: "Encrypted Swap"
Next in thread: Ben Ford: "Re: Encrypted Swap"

Steve VanDevender wrote:
>
> Justin Guyett writes:
> > On Tue, 7 Aug 2001, David Spreen wrote:
> >
> > > I was just searching for swap-encryption-solutions in the lkml-archive.
> > > Did I get the point saying ther's no way to do swap encryption
> > > in linux right now? (Well, a swapfile in an encrypted kerneli
> > > partition r something like that is not really what I want to
> > > do I think).
> >
> > What's the benefit?
[...]
> It does prevent one means of recovering possibly security-critical
> information for attackers who do have physical access to the machine.

The encrypted swap device protects against the guy who steals the
harddisk. It doesn't really protect against someone with physical
access though.

I can remove RAM live, and read it in another device. Or replace
the cpu with an interface that simply reads all the RAM
addresses. Sure, I'll leave a crashed machine, but I have
your precious data. A smp machine might even survive the
cpu replacement and continue with one less cpu and
a frozen process.

Having the RAM contents will of course provide what I need to
decrypt the swap device and all mounted filesystems too.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Weinehall: "Re: Ongoing 2.4 VM suckage"
Previous message: Crutcher Dunnavant: "Re: Encrypted Swap"
Maybe in reply to: David Spreen: "Encrypted Swap"
Next in thread: Ben Ford: "Re: Encrypted Swap"