[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
-----BEGIN PGP SIGNED MESSAGE-----
The Friday 2005-11-18 at 13:23 -0200, Ariel Sabiguero Yawelak wrote:
> But the privacy based on filesystem encryption is not so strong if you cannot
> control things that are made thief-readable beyond your control, which is the
> regular problem with swap space. Obviously, it is not 100% sure that anything
> sensitive is going to be on the swap space.... but that is not enough.
The passphrase of the encrypted partitions go into swap space in clear
when you suspend to disk. That is scary.
> In general you want to work the other way, you want to be 100% sure that there
> is no information thief-readable after the computer is turned off. After this,
> swap partition encryption becomes your friend.
You might consider erasing the swap partition when powering off, using for
the purpose "/etc/init.d/halt.local". The perfomance while in use will be
better, but halting will be much slower.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76
-----END PGP SIGNATURE-----
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here