loop-aes swap

pinotj at club-internet.fr pinotj at club-internet.fr
Mon Oct 20 04:34:12 PDT 2008


>> Also, I think we talked about adding loop-aes to hlfs a long time ago,
>> and it was voted against because it's a physical security thing... but
>> with swap it's not. If someone has read access to the swap device
>> (someone in the 'disc' group), they could find sensitive information.
>> GnuPG can be configured not to use swap, but GnuPG is not the only
>> package that handles passwords or private files. Can we vote again?

I'm voting for it, of course. HLFS should definitely encrypt its swap partition. It's a standard feature on OpenBSD :-)

>I am all for encrypted swap, using dm_crypt...

Well, dm-crypt should be good enough for the swap and is easier to implement. Loop-aes is still stronger, though. Another point is that loop-aes performs faster and it could be a better choice for the swap.

Regards,

-- 
Jerome Pinot
http://ngc891.blogdns.net/ 





