Re: encrypted swap

David Wagner (daw@mozart.cs.berkeley.edu)
7 Aug 2001 21:06:10 GMT


Dan Podeanu wrote:
>If it's going to be stolen while it's offline, you
>can have your shutdown scripts blank the swap partition [...]

Erasing data, once written, is deceptively difficult.
See Peter Gutmann's excellent paper on the subject at
http://www.usenix.org/publications/library/proceedings/sec96/gutmann.html

It turns out that the easiest way to solve this problem is to make sure
you only ever write to the swap partition in encrypted form, and then when
you want to erase it securely, just throw away the key used to encrypt it.
(You have to securely erase this key, but it is much easier to erase
this key securely, because it is shorter and because you can arrange
that it only resides in RAM.)

It is critical that you choose a new encryption key each time you boot.
(Requiring users to enter in passphrases manually is unlikely to work well.)
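The scheme Wagner describes, as an added illustration that is not part of the post or of any kernel code: the swap device only ever stores ciphertext, the key is generated fresh at boot and lives only in RAM, and "erasing" the swap is just zeroing that key. The HMAC-SHA256 counter-mode keystream, the 4096-byte page size and the in-memory dict standing in for the partition are constructed assumptions; a real setup would use dm-crypt with a block cipher.

```python
# Constructed example: ephemeral-key encrypted swap as Wagner describes it.
# HMAC-SHA256 in counter mode stands in for the block cipher a real dm-crypt
# swap would use; the point is the key lifecycle, not the cipher.
import hashlib
import hmac
import os

PAGE = 4096  # page size, assumed

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class EncryptedSwap:
    """Swap device that only ever stores ciphertext; the key lives only in RAM."""

    def __init__(self, disk: dict):
        self.disk = disk  # persistent medium: page index -> (write_no, ciphertext)
        self.key = None
        self.writes = 0

    def boot(self) -> None:
        # Fresh random key on every boot, in a bytearray so it can be zeroed in place.
        self.key, self.writes = bytearray(os.urandom(32)), 0

    def write_page(self, index: int, plaintext: bytes) -> None:
        if self.key is None or len(plaintext) != PAGE:
            raise ValueError("swap not active or bad page size")
        self.writes += 1
        # (page, write counter) never repeats under one key, so keystream is never reused.
        nonce = index.to_bytes(8, "big") + self.writes.to_bytes(8, "big")
        self.disk[index] = (self.writes, xor(plaintext, keystream(bytes(self.key), nonce, PAGE)))

    def read_page(self, index: int) -> bytes:
        if self.key is None:
            raise RuntimeError("key discarded: page is unrecoverable")
        write_no, ct = self.disk[index]
        nonce = index.to_bytes(8, "big") + write_no.to_bytes(8, "big")
        return xor(ct, keystream(bytes(self.key), nonce, PAGE))

    def shutdown(self) -> None:
        # Securely "erasing" the swap means zeroing 32 bytes of key, not the whole partition.
        self.key[:] = bytes(len(self.key))  # zero in place
        self.key = None
```

After `shutdown()` the ciphertext is still on the "disk", but without the key it is indistinguishable from random, and the next `boot()` picks a new key, so nothing written before is readable again.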
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/