Re: The disappearing sys_call_table export.

Ahmed Masud (masud@googgun.com)
Tue, 13 May 2003 18:51:06 -0400


Yoav Weiss wrote:

> Masud wrote:
>
>
>>But isn't swap crypting fun ? :-) Running encrypted swap is okay so long
>>as we throw away the key after each session. This can be easily (famous
>>last words) achieved under crypto kernels. I am not certain if such
>>functionality is being contemplated for the Linux kernel along with the
>>new cryptoloop stuff, if there isn't I can volunteer to put something
>>like that in - if we are interested. Are we?
>
>
> See http://loop-aes.sourceforge.net/
> The README already explains how to use it as encrypted swap. I've been
> using it for quite a while without problems.
>
I am familiar with Jari's cryptoloop and related tools and have studied
and am using them for some applications on a few environments.

> If you feel like volunteering for an encrypted swap, I suggest the model
> used by OpenBSD. Instead of using an encrypted swap dev with one random
> key, they seem to have a per-process key and encrypt swap areas of the
> process with its key. When a process dies, its key dies with it, so the
> swap space it used is considered clean without having to wait for an
> override or a reboot.
>

This definitely sounds very interesting. I can start looking at this
problem seriously and see if I can put something together for 2.5.x
since crypto subsystem routines are largely in place.

> Another fun project is encrypted hibernation (suspend-to-disk). Once the
> kernel contains a stable hibernation option, I'm certainly going to
> encrypt it.
>

Yes that too could be a fun thing to do.

Ahmed
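
The per-process key model described in the quoted text above, as an added sketch that is not part of the original message and is neither OpenBSD nor Linux code. The class and method names are hypothetical, and a SHAKE-256 keystream stands in for whatever cipher a kernel would use; the point is that dropping the key at process exit makes the leftover swap slots unreadable without overwriting them.

```python
import hashlib
import secrets

class EncryptedSwap:
    """Toy swap device: ciphertext lives on 'disk', keys live only in RAM."""

    def __init__(self):
        self.disk = {}      # slot -> (pid, ciphertext); survives process exit
        self.keys = {}      # pid -> 32-byte key; never written to disk
        self.next_slot = 0  # each slot is written once, so it doubles as nonce

    def _xor_keystream(self, key, slot, data):
        # SHAKE-256 keystream as a stand-in for the kernel's cipher (assumption).
        stream = hashlib.shake_256(key + slot.to_bytes(8, "big")).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def swap_out(self, pid, page):
        if pid not in self.keys:
            self.keys[pid] = secrets.token_bytes(32)  # fresh random key per process
        slot = self.next_slot
        self.next_slot += 1
        self.disk[slot] = (pid, self._xor_keystream(self.keys[pid], slot, page))
        return slot

    def swap_in(self, slot):
        pid, ciphertext = self.disk[slot]
        key = self.keys.get(pid)
        if key is None:
            raise LookupError(f"slot {slot}: owner {pid} exited, key destroyed")
        return self._xor_keystream(key, slot, ciphertext)

    def process_exit(self, pid):
        # Only the key is dropped; the slots are neither overwritten nor scanned.
        self.keys.pop(pid, None)

    def raw_disk(self):
        # What someone reading the swap device offline would see.
        return b"".join(ct for _, ct in self.disk.values())

def demo():
    swap = EncryptedSwap()
    secret = b"passphrase=constructed-sample-value" + bytes(29)  # constructed page
    a = swap.swap_out(101, secret)
    b = swap.swap_out(202, b"other process data")
    readable_before = swap.swap_in(a) == secret
    swap.process_exit(101)
    try:
        swap.swap_in(a)
        readable_after = True
    except LookupError:
        readable_after = False
    return readable_before, readable_after, swap.swap_in(b), secret in swap.raw_disk()
```

A real implementation that rewrites a slot under the same key needs a fresh nonce per write, and has to wipe the key from memory rather than just drop the reference.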
