
[suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?



Stupid question:
How about having no swap partition at all and giving the box enough RAM?
I couldn't think of a bulletproof way of hiding the key for the 
encrypted partition. An option would be that you enter a password
every time you boot the box but that's most probably not what you want.

Sebastian

-----Original Message-----
From: Dirk Schreiner [mailto:Dirk.Schreiner@xxxxxxx] 
Sent: Monday, 21 November 2005 10:18
To: Carlos E. R.
Cc: SuSE Security List
Subject: Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap
(partition[s]) under SuSE 9.3 Prof ?


Hi Carlos,

Carlos E. R. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> On 005-11-19 at 06:36 -0200, Ariel Sabiguero Yawelak wrote:
> 
>>> You might consider erasing the swap partition when powering off, 
>>> using for the purpose "/etc/init.d/halt.local". The performance while 
>>> in use will be better, but halting will be much slower.
>>>

Erasing is not a good idea. Too much can go wrong,
and you never will find out.


[...]

>> But on the other hand, you are leaving your information 
>> thief-readable whenever halt.local is not executed. If the system 
>> does not shut down clearly, or the thief knows that he has to unplug 
>> the cable (remove the battery) instead of initing-6 he is done.
> 
> If the thief can get to my PC while running, I have bigger worries. He
> might be armed! 
> 

So you shut down your system whenever going to the toilet.
Or for a cup of coffee......

I know of stolen Laptops during working hours.



> Yes. But I'm not that "paranoid".

You should be!
Or forget thinking about security.

> 
> As I use "suspend to disk", what worries me is that the password to the 
> encrypted partitions is saved in clear in the swap partition - this is a 
> pending problem. And encrypting the swap partition would not solve it, 
> because then I could not suspend to disk, and also I fear that swapping 
> would be much slower.

Give it a try. On most systems you can switch over in running
state. (And also back ;-) )

Dirk   
 


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here