jan.dvorak at sitronicsts.com
Mon Oct 20 00:30:14 PDT 2008
On Monday 20 October 2008 01:22:15 Robert Connolly wrote:
> Also, I think we talked about adding loop-aes to hlfs a long time ago,
> and it was voted against because it's a physical security thing... but
> with swap it's not. If someone has read access to the swap device
> (someone in the 'disc' group), they could find sensitive information.
> GnuPG can be configured not to use swap, but GnuPG is not the only
> package that handles passwords or private files. Can we vote again?
> Alternatively, the swap device could be configured in udev to have no
> permissions (ugo-rwx) and owned by 'swap'... or both encrypted swap and
> no permissions on the device (I like this idea best).
I am all for encrypted swap, using dm_crypt...
$ cat /etc/crypttab
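
Added example, not part of the original message or of HLFS: a shell check for the two swap risks raised in this thread, a swap node accessible to group/other and swap that is not backed by dm-crypt. The names `audit_swaps`, `is_dmcrypt` and the `SYSFS` override are introduced here for illustration; it assumes GNU `stat` and that cryptsetup mappings carry a device-mapper UUID beginning with `CRYPT-`.

```shell
#!/bin/sh
# Added example: audit swap areas for (1) device nodes accessible by
# group/other and (2) swap that is not a dm-crypt mapping.
# SYSFS is an override introduced here so the check can run against a
# constructed tree; on a real system it stays /sys.
SYSFS=${SYSFS:-/sys}

# is_dmcrypt NODE: succeed if NODE is a device-mapper target whose UUID
# starts with "CRYPT-" (assumed prefix used by cryptsetup mappings).
is_dmcrypt() {
    name=$(basename "$(readlink -f "$1")")
    uuid_file="$SYSFS/class/block/$name/dm/uuid"
    [ -r "$uuid_file" ] && grep -q '^CRYPT-' "$uuid_file"
}

# audit_swaps [FILE]: FILE is in /proc/swaps format (default /proc/swaps).
# Prints "<path> mode=<octal> group=<name> <perm verdict> <crypt verdict>".
audit_swaps() {
    # Skip the header line; the first field of each row is the swap path.
    tail -n +2 "${1:-/proc/swaps}" | while read -r path _rest; do
        [ -e "$path" ] || continue
        mode=$(stat -L -c '%a' "$path")
        group=$(stat -L -c '%G' "$path")
        # Any group or other permission bit lets a non-root account
        # (e.g. a member of the owning group) access raw swap contents.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            perm=EXPOSED
        else
            perm=restricted
        fi
        if is_dmcrypt "$path"; then crypt=encrypted; else crypt=PLAINTEXT; fi
        echo "$path mode=$mode group=$group $perm $crypt"
    done
}
```

Source the file and call `audit_swaps` with no argument to check the running system; any line reporting `EXPOSED` or `PLAINTEXT` corresponds to one of the two concerns in the quoted message.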
More information about the hlfs-dev