[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?

To: SuSE Security List <suse-security@xxxxxxxx>
Subject: Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
From: "Carlos E. R." <robin1.listas@xxxxxxxxxx>
Date: Sun, 20 Nov 2005 18:55:24 +0100 (CET)
Delivered-to: mailing list suse-security@xxxxxxxx
In-reply-to: <437EE40D.8040302@xxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <437CFA05.7020103@xxxxxx> <1132274667.15815.103.camel@xxxxxxxxxxx> <578ebdde0511171726j1dc2f4fawad5892d5ca269fcb@xxxxxxxxxxxxxx> <Pine.LNX.4.61.0511180409230.21723@xxxxxxxxxxxxxxxx> <437DF051.8000502@xxxxxxxxxxxx> <437DF743.7020800@xxxxxx> <437DF20F.5060507@xxxxxxxxxxx> <Pine.LNX.4.61.0511190148540.26440@xxxxxxxxxxxxxxxx> <437EE40D.8040302@xxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


El 005-11-19 a las 06:36 -0200, Ariel Sabiguero Yawelak escribió:

> > You might consider erasing the swap partition when powering off, using
> > for the purpose "/etc/init.d/halt.local". The perfomance while in use
> > will be better, but halting will be much slower.
> > 
> Again you are not 100% sure.
> It has been discussed several times about the posibility of un-erasing erased
> data, but we can consider that unerasing and trying to recover data from swap
> might be not very useful.

Erasing the swap, as it is not a file, and because we are talking 
security here, means overwriting the swap data with something else. Even 
in that case, data is recoverable, if you have the means; but I suppose 
the ordinary thief picking a portable does not have those means, and if he 
has those means then he is not ordinary thief and even encryption will not 
deter him much.

> But on the other hand, you are leaving your information thief-readable
> whenever halt.local is not executed. If the system does not shut down clearly,
> or the thief knows that he has to unplug the cable (remove the batery) instead
> of initing-6 he is done.

If the thief can get to my PC while running, I have bigger worries. He 
might be armed! 

> Ok, you can say that whenever *you* shut down the system, then it is "safe",
> and I agree :-)
> It is only a matter of how much you want to be secure and all-data-encription
> is the way to be MORE confident on the solution.

Yes. But I'm not that "paranoid".

As I use "suspend to disk", what worries me is that the password to the 
encrypted partitions is saved in clear in the swap partition - this a 
pending problem. And encrypting the swap partition would not solve it, 
because then I could not suspend to disk, and also I fear that swapping 
would be much slower.

- -- 
Saludos
       Carlos Robinson

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFDgLihtTMYHG2NR9URAsrPAKCSIoiwc9CjbYVSWSH8XP+4I0mEwQCffj6p
LAsJqAEOquTUtkfeIVQf/lk=
=lgEw
-----END PGP SIGNATURE-----

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: Dirk Schreiner

References:
- [suse-security] How do I encypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: Christoph Merk
- Re: [suse-security] How do I encypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: Axel Sintermann
- Re: [suse-security] How do I encypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: miguel gmail
- Re: [suse-security] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: Carlos E. R.
- Re: [suse-security] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: Geoffrey
- Re: [suse-security] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: Christoph Merk
- [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: Ariel Sabiguero Yawelak
- Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
  - From: Carlos E. R.

Prev by Date: [suse-security] How to make SuSEfirewall2 accept packets passing bridge-interface
Next by Date: [suse-security] SPAM: unsubscribe
Previous by thread: Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
Next by thread: Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
Index(es):
- Date
- Thread