
AW: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?



Hi Dirk,

Sebastian Kübeck wrote:
>>> Stupid question:
>>> How about having no swap partition at all and giving the box enough 
>>> RAM?

>>This is possible, but has some performance hints.
>>(You can use less Ram for HD-caching.)
I was thinking of the TCO. Thinking of complicated ways to
encrypt swap space seems to be way more expensive (and troublesome)
than just adding more RAM.

>> I couldn't think of a bulletproof way of hiding the key for the
>> encrypted partition.

>You do not need to store the Key, cause the key is only
>held in the memory during runtime, and lost during shutdown. There is a new
>Key generated every boottime.
>Remember, swapspace, like Ram can be empty during booting.

In practice, it doesn't matter if it's the key or something that
decrypts the key (e.g. a Password).
If someone kidnaps the box, he/she will have access
to the key as long as anything to get access to it
is somewhere on the machine (HD, Smartcard or USB stick or
Anything that is permanently attached to the box).
You could delete the swap space during shutdown but
nobody can prevent the kidnapper from simply
unplugging the box.

Just some thoughts. I'm definitely no expert on this!

Sebastian
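
Added example, not part of the original message or of any SuSE tooling: a small audit that separates swap areas keyed freshly at each boot (the setup described in the quoted reply) from those whose key material stays on the machine (the concern raised above). It assumes a crypttab-style table (name, device, key file, options) as read by cryptsetup-based boot scripts on current distributions, not the SuSE 9.3 mechanism; the device names and sample data are constructed.

```python
# Classify active swap areas by how their encryption key is handled.
EPHEMERAL_KEYS = {"/dev/urandom", "/dev/random"}  # key is never written to disk

# Constructed sample inputs (stand-ins for /etc/crypttab and /proc/swaps).
CRYPTTAB = """\
# constructed sample
cryptswap1  /dev/sda2  /dev/urandom        swap,cipher=aes-xts-plain64,size=256
cryptswap2  /dev/sdb2  /etc/keys/swap.key  swap
"""
PROC_SWAPS = """\
Filename                Type       Size     Used  Priority
/dev/mapper/cryptswap1  partition  2097148  0     -2
/dev/mapper/cryptswap2  partition  2097148  0     -3
/dev/sdc2               partition  2097148  0     -4
"""

def parse_crypttab(text):
    """Return {mapping name: (device, key source, option set)}."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or malformed entry
        key = fields[2] if len(fields) > 2 else "none"
        opts = set(fields[3].split(",")) if len(fields) > 3 else set()
        entries[fields[0]] = (fields[1], key, opts)
    return entries

def classify_swaps(crypttab_text, swaps_text):
    """Map each active swap path to a key-handling verdict."""
    entries = parse_crypttab(crypttab_text)
    prefix = "/dev/mapper/"
    verdicts = {}
    for line in swaps_text.splitlines()[1:]:  # skip the header row
        if not line.strip():
            continue
        path = line.split()[0]
        name = path[len(prefix):] if path.startswith(prefix) else None
        if name not in entries:
            verdicts[path] = "no-crypttab-entry"  # plaintext or unknown
        elif entries[name][1] in EPHEMERAL_KEYS and "swap" in entries[name][2]:
            verdicts[path] = "ephemeral-key"      # new random key each boot
        else:
            verdicts[path] = "persistent-key"     # key or passphrase outlives a reboot
    return verdicts

if __name__ == "__main__":
    for path, verdict in classify_swaps(CRYPTTAB, PROC_SWAPS).items():
        print(f"{path}: {verdict}")
```

Only the "ephemeral-key" case leaves nothing on the disk, smartcard or USB stick that could later unlock the swap contents.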

