encrypted disc hint

Joachim Schipper j.schipper at math.uu.nl
Sun Jun 5 13:50:11 PDT 2005


On Sun, Jun 05, 2005 at 07:03:47AM -0600, Archaic wrote:
> On Sun, Jun 05, 2005 at 07:30:44AM -0400, Robert Connolly wrote:
> > How do you guys feel about adding support for encrypting disks to the book?
> > I know not everyone will use it, maybe some xml magic can help. I foresee
> > four models:
> > 	Green (Low) - Encrypt swap only
> 
> If swap is flushed at shutdown, and since it cannot be read unless one
> is root (or has a mis-configured box), what exactly does swap encryption
> add other than a false sense of security?

Quite a few 'secure' programs take great care not to allow data to leak
to disk; however, only a couple also make sure it does not leak to swap.
Thus, encrypting swap is a good way to make sure passphrases, decrypted
cryptographic keys, or somesuch are not recoverable, even if someone is
willing to take a really good look at your swap space. (IIRC, even GnuPG
is guilty to some level, as it allows the plaintext to leak to swap - or
was this fixed some time ago?)

Of course, there's the question of how likely this attack is. If the
attacker knows quite a bit about the memory around the passphrase/key,
this is probably quite feasible (do a smart grep on the disk, take a
manual look at the results).

Of course, for a custom-compiled system with lots of modifications, as
HLFS is likely to be, this is a lot harder. But encrypting swap is not
senseless.

		Joachim
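
The application-side precaution the message refers to (a program keeping a passphrase out of swap itself), as an added example that is not part of the original post or of HLFS. The names `secret_buf`, `secret_alloc`, `secret_wipe` and `secret_free` are hypothetical, and the passphrase is a constructed sample.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS under strict -std modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: whole pages holding a secret, plus lock state. */
struct secret_buf { unsigned char *data; size_t len; int locked; };

/* Map whole anonymous pages and ask the kernel to keep them out of swap. */
int secret_alloc(struct secret_buf *s, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = (want + page - 1) / page * page;
    s->data = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->data == MAP_FAILED) return -1;
    /* mlock() fails if RLIMIT_MEMLOCK is too low; record it for the caller. */
    s->locked = (mlock(s->data, s->len) == 0);
    return 0;
}

/* Overwrite through a volatile pointer so the stores are not optimised away. */
void secret_wipe(struct secret_buf *s)
{
    volatile unsigned char *p = s->data;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
}

void secret_free(struct secret_buf *s)
{
    secret_wipe(s);                       /* clear before the pages are reused */
    if (s->locked) munlock(s->data, s->len);
    munmap(s->data, s->len);
    s->data = NULL;
}

int main(void)
{
    struct secret_buf s;
    if (secret_alloc(&s, 128) != 0) return 1;
    strcpy((char *)s.data, "constructed-passphrase");   /* sample secret */
    printf("locked out of swap: %s\n", s.locked ? "yes" : "no");
    secret_free(&s);
    return 0;
}
```

When `locked` comes back 0 the pages can still be written to swap, which is the gap that encrypted swap covers for programs that do not, or cannot, lock their memory.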


