loop-aes swap

Robert Connolly robert at linuxfromscratch.org
Sun Oct 19 16:22:15 PDT 2008


Hi.

I was just looking at the loop-aes patch for util-linux-ng and realized that 
swapon uses /dev/urandom to make a random key for encrypted swap (it also 
uses a SHA-512 of old swap data). When swap is activated during boot there 
hasn't been much to seed the kernel entropy pool, so /dev/urandom is a bit 
predictable. I have some ideas on making this better:

BLFS-bootscripts have S25random reseeding /dev/random fairly late. Ideally it 
should go in after udev, and before swap, and perhaps load other boot scripts 
before activating swap.

If an rngd is added to the random boot script, then loop-aes's swapon.c can 
use /dev/random instead of urandom. The old random-seed should get dumped 
after rngd is started, not before, to allow rngd to fill the watermark before 
random-seed stirs the pool. If rngd is installed and works, then the loop-aes 
patch can be modified to use /dev/random exclusively (no hash of old swap), 
and cause swapon to abort otherwise (it currently does not exit 
if /dev/urandom doesn't exist, just gives a warning).

Also, I think we talked about adding loop-aes to hlfs a long time ago, and it 
was voted against because it's a physical security thing... but with swap it's
not. If someone has read access to the swap device (someone in the 'disc' 
group), they could find sensitive information. GnuPG can be configured not to 
use swap, but GnuPG is not the only package that handles passwords or private 
files. Can we vote again? Alternatively, the swap device could be configured 
in udev to have no permissions (ugo-rwx) and owned by 'swap'... or both 
encrypted swap and no permissions on the device (I like this idea best).

robert
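A fail-closed key read of the kind the post proposes for swapon, added here as an example; it is not the loop-aes patch or util-linux-ng code. The function names and the use of /proc/sys/kernel/random/entropy_avail as the pool watermark check are assumptions, and the key length is whatever the caller passes.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Kernel entropy estimate in bits, or -1 if /proc is unreadable: a boot script
 * would wait for this to pass rngd's watermark before keying swap (assumption). */
static long entropy_available(void)
{
    long bits = -1;
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    if (f != NULL && fscanf(f, "%ld", &bits) != 1)
        bits = -1;
    if (f != NULL)
        fclose(f);
    return bits;
}

/* Fill key[0..len) from dev. Returns 0 only when every byte came from the device;
 * a missing device, I/O error or short read zeroes the key and returns -1 so the
 * caller aborts instead of warning and continuing with a weaker source. */
static int read_key_from_device(const char *dev, unsigned char *key, size_t len)
{
    size_t got = 0;
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, key + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {                 /* error, or EOF before len bytes */
            close(fd);
            memset(key, 0, len);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* 1 if the buffer is all zero bytes, which is what a failed read leaves behind. */
static int key_is_all_zero(const unsigned char *key, size_t len)
{
    unsigned char acc = 0;
    while (len--)
        acc |= *key++;
    return acc == 0;
}
```

In the scheme the post describes, swapon would call read_key_from_device("/dev/random", ...) and exit non-zero on -1 rather than print a warning.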