On Thu, Apr 19, 2001 at 11:37:05PM +0200, Niels M�ller wrote: > A better approach is to simply encrypt pages that are swapped out > (either all swap, or configurable per user or per process). > > I think Markus Friedl implemented that for OpenBSD, and wrote a paper > about it. I have no idea how hard it would be on the HURD. I guess the > code would live somewhere in the (default) pager.
Yes, I exchanged some ideas on this with Werner, and it seems that we could make the Hurd very secure by implementing page encryption in the default pager. I think it can also be used to encrypt stores automatically. The main problem to think about is how to get at the secret key (user input!), also after hibernation of laptops, etc. Thanks, Marcus -- `Rhubarb is no Egyptian god.' Debian http://www.debian.org [EMAIL PROTECTED] Marcus Brinkmann GNU http://www.gnu.org [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.marcus-brinkmann.de
