encrypted disc hint

Joachim Schipper j.schipper at math.uu.nl
Mon Jun 6 03:52:56 PDT 2005


On Sun, Jun 05, 2005 at 03:45:14PM -0600, Archaic wrote:
> On Sun, Jun 05, 2005 at 10:50:11PM +0200, Joachim Schipper wrote:
> > 
> > Quite a few 'secure' programs take great care not to allow data to leak
> > to disk; however, only a couple also make sure it does not leak to swap.
> 
> But how is a non-root user supposed to read it?

He can't (or you've got another, more serious problem, like mode 644 on
/dev/hd*) - but he can boot Knoppix, provided he has physical access.

The use of encrypting swap is not in safeguarding data that is on your
disk, obviously - it's in making sure that data that shouldn't be on the
disk isn't, or at least not in a readable way.

Quite a few programs have safeguards against direct physical access
(GnuPG's passphrases, for instance), but not against attackers snooping
the decrypted keys from swap.

		Joachim
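
Added example, not part of the original message: how a program can keep a decrypted key out of swap on its own, by holding it in pages pinned with mlock(2) and wiping them before release. The secbuf type and its functions are hypothetical names, and the key bytes are constructed sample data.

```c
#define _DEFAULT_SOURCE 1  /* for MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example: one locked, page-aligned region. */
typedef struct { void *ptr; size_t len; } secbuf;

/* Map anonymous memory and pin it in RAM so the kernel never pages it out to swap.
 * Fails closed: returns -1 with b->ptr == NULL if the lock is refused. */
int secbuf_alloc(secbuf *b, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    *b = (secbuf){ NULL, 0 };
    if (page <= 0 || len == 0)
        return -1;
    size_t rounded = (len + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = mmap(NULL, rounded, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    if (mlock(p, rounded) != 0) {   /* e.g. RLIMIT_MEMLOCK too low: give up */
        munmap(p, rounded);
        return -1;
    }
    *b = (secbuf){ p, rounded };
    return 0;
}

/* Wipe the secret while the pages are still locked, then release them. */
void secbuf_free(secbuf *b)
{
    if (b->ptr == NULL)
        return;
    volatile unsigned char *v = b->ptr;   /* volatile: the wipe is not optimised away */
    for (size_t i = 0; i < b->len; i++)
        v[i] = 0;
    munmap(b->ptr, b->len);               /* unmapping also drops the lock */
    *b = (secbuf){ NULL, 0 };
}

int main(void)
{
    secbuf key;
    if (secbuf_alloc(&key, 32) != 0) { perror("secbuf_alloc"); return 1; }
    memcpy(key.ptr, "constructed-sample-key-material", 32);  /* constructed data */
    secbuf_free(&key);
    return key.ptr == NULL ? 0 : 1;
}
```

Locked pages are still written out by suspend-to-disk, and copies of the secret made outside the locked region (stack temporaries, stdio buffers) are not covered, which is where encrypting swap itself helps.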


