encrypted filesystems

Christopher James Coleman ug97cjc at cs.bham.ac.uk
Tue Jan 6 10:40:59 PST 2004


On Tue, 6 Jan 2004, Robert Connolly wrote:
> On January 6, 2004 12:11 pm, Ian Molton wrote:
> > On Tue, 06 Jan 2004 06:37:52 -0500
> >
> > Robert Connolly <cendres at videotron.ca> wrote:
> > >  just the swap space.
> >
> > This is even more pointless than encrypted filesystems - it implies that
> > your *key* authentication tools are badly written enough that they will
> > leak sensitive data to swap space.
>
> GPG would fall into this category.

GPG itself will most likely be using non-swappable pages (though this
relies on the kernel keeping its promises). I think the warning is more
about the fact that if you use, say, an MUA to open the mail that the MUA
(and your previously encrypted data) may go to swap at any time. Software
that uses data from encrypted operations, but does not deal with encrypted
operations directly, often forgets that the data it is using is sensitive.
Therefore, although I would have thought that GPG itself does not fall
into this category, I do agree that encrypting swap space can help protect
against stupid applications.

I suppose the ideal solution in a secure system is to not have any part of
the program chain stupid enough to not protect pages with sensitive data
on. However, this is probably beyond the scope of the project.

I may have the issue incorrectly stated, but this was my perception of how
it is.

.chris
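
Added example (not part of the original message, and not GPG's own code): a minimal C sketch of what "protecting pages with sensitive data" looks like in an application, using POSIX mlock() on a page-aligned buffer and wiping it before release. The secret_buf type, the secret_alloc/secret_free names and the sample passphrase are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical helper type for this example: a page-aligned secret buffer. */
typedef struct { unsigned char *p; size_t len; int locked; } secret_buf;

/* Returns 0 if the pages are locked in RAM, 1 if allocated but NOT locked
 * (caller decides whether to continue), -1 on allocation failure. */
int secret_alloc(secret_buf *b, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    b->p = NULL; b->len = 0; b->locked = 0;
    if (pg <= 0 || want == 0) return -1;
    /* mlock() works on whole pages: own the full pages so no unrelated
     * heap data shares them. */
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    b->p = aligned_alloc((size_t)pg, len);
    if (b->p == NULL) return -1;
    b->len = len;
    memset(b->p, 0, len);               /* touch pages so they are resident */
    /* Fails with ENOMEM/EPERM when RLIMIT_MEMLOCK is too low. */
    b->locked = (mlock(b->p, len) == 0);
    return b->locked ? 0 : 1;
}

/* Wipe before unlocking: once unlocked, the pages may be swapped out. */
void secret_free(secret_buf *b)
{
    if (b->p == NULL) return;
    volatile unsigned char *v = b->p;   /* volatile: stores can't be elided */
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    if (b->locked) munlock(b->p, b->len);
    free(b->p);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    secret_buf key;
    int rc = secret_alloc(&key, 32);          /* constructed 32-byte secret */
    if (rc < 0) return 1;
    memcpy(key.p, "constructed-sample-passphrase-00", 32);
    /* ... use key.p; never copy it into ordinary heap or stack buffers ... */
    secret_free(&key);
    return rc;   /* 1 means the secret was usable but swappable */
}
```

The lock covers only this buffer in this process: any copy handed to another program, such as the MUA case discussed above, is swappable unless that program locks its own pages. mlock(2) also notes that suspend-to-disk writes RAM out regardless of memory locks.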



More information about the hlfs-dev mailing list