[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Friday 2005-11-18 at 13:23 -0200, Ariel Sabiguero Yawelak wrote:

> But the privacy based on filesystem encryption is not so strong if you cannot
> control things that are made thief-readable beyond your control, which is the
> regular problem with  swap space. Obviously, it is not 100% sure that anything
> sensitive is going to be on the swap space.... but that is not enough.

The passphrase of the encrypted partitions go into swap space in clear 
when you suspend to disk. That is scary.

> In general you want to work the other way, you want to be 100% sure that there
> is no information thief-readable after the computer is turned off. After this,
> swap partition encryption becomes your friend.

You might consider erasing the swap partition when powering off, using for 
the purpose "/etc/init.d/halt.local". The perfomance while in use will be 
better, but halting will be much slower.

- -- 
Cheers,
       Carlos Robinson

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFDfnfEtTMYHG2NR9URAr1fAJ0ZeFmKotED8fqTdHzkNqvSKI3x3gCcD7X9
3Gln5UjDt+XcLhgWu2fVuyY=
=ibC/
-----END PGP SIGNATURE-----


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here