Re: encrypted swap

Andreas Dilger (adilger@turbolinux.com)
Tue, 7 Aug 2001 13:48:04 -0600 (MDT)


Dan writes:
> Or, somehow better & safer (or, explain the drawback):
>
> spiral:~# dd if=/dev/zero of=/swap bs=1024k count=16
> 16+0 records in
> 16+0 records out
> spiral:~# losetup -e DES /dev/loop0 /swap
> Password:
> Init (up to 16 hex digits):
> spiral:~# mkswap /dev/loop0
> Setting up swapspace version 1, size = 16773120 bytes
> spiral:~# swapon /dev/loop0
> spiral:~# cat /proc/swaps
> Filename Type Size Used Priority
> /dev/loop0 partition 16376 0 -3
>
> Of course, you'll need to enter the losetup password upon booting, which
> might prove annoying

Actually, since you don't care about the old contents of swap on each
boot, just have something like:

losetup -e AES /dev/loop0 /swap < /dev/random

then you get a random password each boot, which is strong because it
uses the full 256 character passwords, as opposed to passwords that
people can easily use/remember.

You would likely need something more along the lines of (I don't know
what input format losetup actually needs):

dd if=/dev/random bs=1 count=16 | od -tx4 | \
awk '/0000000/ { print $2 $3 $4 $5 }' | losetup -e AES -p0 /dev/loop0 /swap

Cheers, Andreas

-- 
Andreas Dilger  \ "If a man ate a pound of pasta and a pound of antipasto,
                 \  would they cancel out, leaving him still hungry?"
http://www-mddsp.enel.ucalgary.ca/People/adilger/               -- Dogbert
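
Added example, not part of the message above and not losetup's own code: a POSIX shell version of the per-boot random key idea that refuses a short or malformed key and hands the key to losetup on stdin only. The function names, RANDOM_SOURCE (defaulting to /dev/urandom) and DRY_RUN are assumptions made here; the losetup flags are the ones in the message, which itself notes that the input format losetup expects is unconfirmed.

```shell
#!/bin/sh
# Added example: throwaway per-boot key for encrypted swap.
# RANDOM_SOURCE is an assumption; the message reads /dev/random.
RANDOM_SOURCE="${RANDOM_SOURCE:-/dev/urandom}"

# is_hex_key STRING NBYTES: succeed only for exactly 2*NBYTES hex digits.
is_hex_key() {
    [ "${#1}" -eq $(( $2 * 2 )) ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# gen_hex_key NBYTES: print NBYTES random bytes as lowercase hex.
# bs=1 avoids short reads; -v stops od collapsing repeated lines.
gen_hex_key() {
    nbytes="$1"
    key=$(dd if="$RANDOM_SOURCE" bs=1 count="$nbytes" 2>/dev/null |
          od -An -v -tx1 | tr -d ' \n')
    # Fail closed rather than set up swap with a weak or empty key.
    is_hex_key "$key" "$nbytes" || return 1
    printf '%s\n' "$key"
}

# setup_random_swap BACKING LOOPDEV (hypothetical helper).
# The key travels over a pipe to fd 0 (-p0 as in the message), so it
# never appears in a process argument list or in a file on disk.
# DRY_RUN=1 (the default) only prints what would be run.
setup_random_swap() {
    backing="$1"; loopdev="$2"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "<key on stdin> | losetup -e AES -p0 $loopdev $backing"
        echo "mkswap $loopdev"
        echo "swapon $loopdev"
        return 0
    fi
    key=$(gen_hex_key 16) || return 1
    printf '%s\n' "$key" | losetup -e AES -p0 "$loopdev" "$backing" &&
        mkswap "$loopdev" && swapon "$loopdev"
}
```

Because the key is discarded once losetup has it, the old swap contents are unreadable after a reboot, which also means suspend-to-disk images stored in that swap cannot be resumed.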
