[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
Christoph Merk wrote:
Sure that you can read it, the thing is to prevent you from
understanding it or stealing sensitive information.
u r thinking way too complicated.
Take ur computer, open it, take the hard drive out, attache it to a
working linux box and READ anything on the extra drive.
It's like taking a picture of your old system's memory after u turned
the machine off.
so, u don't need to watch a horror movie to be horrified. This is such a
simple thing to do. I call that very horrifying... how about u.
If you are using encrypted partitions, something that is used more and
more on portable computers, you need to know the encryption-key to
access the filesystem (ok, brut force might work if you have the time
required). This measure is adecuate for several environments.
But the privacy based on filesystem encryption is not so strong if you
cannot control things that are made thief-readable beyond your control,
which is the regular problem with swap space. Obviously, it is not 100%
sure that anything sensitive is going to be on the swap space.... but
that is not enough.
In general you want to work the other way, you want to be 100% sure that
there is no information thief-readable after the computer is turned off.
After this, swap partition encryption becomes your friend.
There are other more advanced ideas like puting steganography onto
filesystems.... that means that you are hinding data in your filesystem
in a way that it cannot be even detected that it is there. If you are
interested, you can check for a definition @wikipedia
You can try to patch the kernel and start hiding your data from
http://www.ecn.org/crypto/soft/stegfs-1.1.4.tar.gz. There are a few
papers/articles on this too.
Maybe after encrypting all the filesystems of my computer (swap
included) and hiding through steagnography relevant files I can feel a
little safer when I leave home....don't you agree?
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
The Friday 2005-11-18 at 02:26 +0100, miguel gmail wrote:
Sorry to break the thread... but, what's the point to encrypt the swap?
Thinking aloud [.....] a swap device might be readable by some users,
while the system is running. Lets see, mine has permissions:
brw-rw---- 1 root disk 3, 9 2005-10-07 02:48 /dev/hda9
Actually, the swap is on the hard drive, thus I suspect that there may
be data retained on it even after a reboot, although I'm not sure of
this. I don't know if the kernel purges the swap on shutdown or
reboot, but somehow I doubt that is the case.