loop-aes swap

Jan Dvorak jan.dvorak at sitronicsts.com
Mon Oct 20 00:30:14 PDT 2008


On Monday 20 October 2008 01:22:15 Robert Connolly wrote:
> Also, I think we talked about adding loop-aes to hlfs a long time ago,
> and it was voted against because it's a physical security thing... but
> with swap it's not. If someone has read access to the swap device
> (someone in the 'disc' group), they could find sensitive information.
> GnuPG can be configured not to use swap, but GnuPG is not the only
> package that handles passwords or private files. Can we vote again?
> Alternatively, the swap device could be configured in udev to have no
> permissions (ugo-rwx) and owned by 'swap'... or both encrypted swap and
> no permissions on the device (I like this idea best).

I am all for encrypted swap, using dm_crypt...

$ cat /etc/crypttab
swap    /dev/disk/by-uuid/43c8e91d-06d4-4984-9e0f-5d521fe7daa4  /dev/urandom    swap
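
An added example, not part of the original message: a small audit that checks every swap entry in fstab against crypttab and reports swap areas that are not backed by a dm-crypt mapping keyed from a random source. It assumes fstab refers to the mapping as /dev/mapper/<name>; the fstab lines are constructed samples.

```python
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}

def fields(text):
    """Yield whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def parse_crypttab(text):
    """Map mapping name -> (source device, key file, set of options)."""
    table = {}
    for f in fields(text):
        key = f[2] if len(f) > 2 else "none"
        opts = set(f[3].split(",")) if len(f) > 3 else set()
        table[f[0]] = (f[1] if len(f) > 1 else "", key, opts)
    return table

def audit_swap(fstab_text, crypttab_text):
    """Return (fstab device, problem) pairs for swap areas that are not
    backed by a dm-crypt mapping keyed from a random source."""
    crypt = parse_crypttab(crypttab_text)
    findings = []
    for f in fields(fstab_text):
        if len(f) < 3 or f[2] != "swap":
            continue  # not a swap entry
        dev = f[0]
        # Assumption: encrypted swap is referenced as /dev/mapper/<name>.
        name = dev[len("/dev/mapper/"):] if dev.startswith("/dev/mapper/") else None
        if name not in crypt:
            findings.append((dev, "no crypttab mapping: swap is written in plaintext"))
            continue
        _, key, opts = crypt[name]
        if key not in RANDOM_KEYS:
            findings.append((dev, "key file %s is not a per-boot random source" % key))
        if "swap" not in opts:
            findings.append((dev, "crypttab entry lacks the 'swap' option"))
    return findings

# Constructed sample input (the crypttab line mirrors the one in the message).
CRYPTTAB = "swap /dev/disk/by-uuid/43c8e91d-06d4-4984-9e0f-5d521fe7daa4 /dev/urandom swap\n"
FSTAB_GOOD = "/dev/mapper/swap none swap sw 0 0\n"
FSTAB_BAD = "/dev/sda2 none swap sw 0 0\n"

if __name__ == "__main__":
    for label, fstab in (("encrypted", FSTAB_GOOD), ("plaintext", FSTAB_BAD)):
        print(label, audit_swap(fstab, CRYPTTAB) or "ok")
```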


