encrypted swap

David Maynor (david.maynor@oit.gatech.edu)
Tue, 07 Aug 2001 10:37:57 -0400


>This is nonsense. Of course the computer can do this. This is exactly what we
>already do for TCP sequence numbers, disk UUIDs, and many other things.
>Granted, we need a little more initial entropy, but the principle has already
>been established.

>Remember that this is not the same as a crypted filesystem in that no user
>(even root) need ever have any access to the key. That's important. Because
>the swapspace is essentially wiped at powerup, the system can happily gen a new
>key every boot, crypt away and never let the users know the key at all.

This is a should-if debate, in my opinion. That is, not if you can do it,
but should you. Has anybody thought of the performance hit that you would
take encrypting your swap?

David Maynor
