Re: encrypted swap

D. Stimits (stimits@idcomm.com)
Tue, 07 Aug 2001 15:56:45 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Daniel Phillips: "Re: [RFC][DATA] re "ongoing vm suckage""
Previous message: Mike Fedyk: "Re: Compile failure: 2.2.19 + eide patch on PPC"
Maybe in reply to: David Maynor: "encrypted swap"
Next in thread: David Spreen: "Re: encrypted swap"

David Wagner wrote:
>
> Dan Podeanu wrote:
> >If its going to be stolen while its offline, you
> >can have your shutdown scripts blank the swap partition [...]
>
> Erasing data, once written, is deceptively difficult.
> See Peter Gutmann's excellent paper on the subject at
> http://www.usenix.org/publications/library/proceedings/sec96/gutmann.html
>
> It turns out that the easiest way to solve this problem is to make sure
> you only ever write to the swap partition in encrypted form, and then when
> you want to erase it securely, just throw away the key used to encrypt it.
> (You have to securely erase this key, but it is much easier to erase
> this key securely, because it is shorter and because you can arrange
> that it only resides in RAM.)
>
> It is critical that you choose a new encryption key each time you boot.
> (Requiring users to enter in passphrases manually is unlikely to work well.)

You could easily create a pass phrase that is a combination of a user
defined pass, and a random device generation. During suspend of the
laptop, you could force it to forget only the user defined portion, and
ask that it get re-entered on resume. Keyboard snooping would only
provide a small part of the key; though it would aid attacks to know
part of the key, each reboot would invalidate the per-session key, and
each suspend or boot would also invalidate the user key (the user could
choose a different user key each boot, but that key would remain in
effect for the remainder of the boot; one could be so devious as to also
force the user key portion to pass a one-way hash, like MD5, against a
permanent pass file, if the permanent pass file was not itself on an
encrypted partition).

D. Stimits, stimits@idcomm.com

> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Phillips: "Re: [RFC][DATA] re "ongoing vm suckage""
Previous message: Mike Fedyk: "Re: Compile failure: 2.2.19 + eide patch on PPC"
Maybe in reply to: David Maynor: "encrypted swap"
Next in thread: David Spreen: "Re: encrypted swap"