[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
How about having no swap partition at all and giving the box enough RAM?
I couldn't think of a bullet prove way of hiding the key for the
encrypted partition. An option would be that you enter a password
Every time you boot the box but that's most probably not what you want.
Von: Dirk Schreiner [mailto:Dirk.Schreiner@xxxxxxx]
Gesendet: Montag, 21. November 2005 10:18
An: Carlos E. R.
Cc: SuSE Security List
Betreff: Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap
(partition[s]) under SuSE 9.3 Prof ?
Carlos E. R. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> El 005-11-19 a las 06:36 -0200, Ariel Sabiguero Yawelak escribió:
>>> You might consider erasing the swap partition when powering off,
>>> using for the purpose "/etc/init.d/halt.local". The perfomance while
>>> in use will be better, but halting will be much slower.
Erasing is no good idea. Too much can go wrong,
and you never will find out.
>> But on the other hand, you are leaving your information
>> thief-readable whenever halt.local is not executed. If the system
>> does not shut down clearly, or the thief knows that he has to unplug
>> the cable (remove the batery) instead of initing-6 he is done.
> If the thief can get to my PC while running, I have bigger worries. He
> might be armed!
So you shutdown youre system whenever going to toilet.
Or for a cup of coffee......
I know of stolen Laptops during working hours.
> Yes. But I'm not that "paranoid".
You Should be!
Or forget thinking about Security.
> As I use "suspend to disk", what worries me is that the password to the
> encrypted partitions is saved in clear in the swap partition - this a
> pending problem. And encrypting the swap partition would not solve it,
> because then I could not suspend to disk, and also I fear that swapping
> would be much slower.
Give it a try. On most systems you can switch over in running
state. (And also back ;-) )
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here