On Sun, Jun 05, 2005 at 07:03:47AM -0600, Archaic wrote:
> On Sun, Jun 05, 2005 at 07:30:44AM -0400, Robert Connolly wrote:
> > How do you guys feel about adding support for encrypting disks to the
> > book? I know not everyone will use it, maybe some xml magic can help.
> > I foresee four models:
> > Green (Low) - Encrypt swap only
>
> If swap is flushed at shutdown, and since it cannot be read unless one
> is root (or has a mis-configured box), what exactly does swap encryption
> add other than a false sense of security?

Quite a few 'secure' programs take great care not to allow data to leak
to disk; however, only a couple also make sure it does not leak to swap.
Thus, encrypting swap is a good way to make sure passphrases, decrypted
cryptographic keys, or somesuch are not recoverable, even if someone is
willing to take a really good look at your swap space. (IIRC, even GnuPG
is guilty to some level, as it allows the plaintext to leak to swap - or
was this fixed some time ago?)

Of course, there's the question of how likely this attack is. If the
attacker knows quite a bit about the memory around the passphrase/key,
this is probably quite feasible (do a smart grep on the disk, take a
manual look at the results).

Of course, for a custom-compiled system with lots of modifications, as
HLFS is likely to be, this is a lot harder. But encrypting swap is not
senseless.

Joachim
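
Added example, not part of the original message or of any project's code: a minimal C sketch of what "making sure it does not leak to swap" looks like inside a program, using `mmap()`, `mlock()` and a wipe before release. The `secret_buf` type and its functions are hypothetical names chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* MAP_ANONYMOUS and mlock() under strict -std= modes */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type (not from any project): page-aligned secret storage. */
struct secret_buf {
    unsigned char *p;
    size_t len;  /* mapped length, rounded up to whole pages */
    int locked;  /* 1 if mlock() succeeded: these pages cannot go to swap */
};

static int secret_buf_open(struct secret_buf *b, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->p = NULL; b->len = 0; b->locked = 0;
    if (want == 0) return -1;
    size_t len = (want + page - 1) / page * page;
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    b->p = m; b->len = len;
    /* mlock() can fail (RLIMIT_MEMLOCK); record it so the caller can warn or refuse. */
    b->locked = (mlock(m, len) == 0);
    return 0;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the stores. */
static void secret_buf_wipe(struct secret_buf *b) {
    volatile unsigned char *v = b->p;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
}

static int secret_buf_close(struct secret_buf *b) {
    secret_buf_wipe(b);              /* wipe before the pages are returned */
    if (b->locked) munlock(b->p, b->len);
    int rc = munmap(b->p, b->len);
    b->p = NULL;
    return rc;
}

int main(void) {
    struct secret_buf b;
    if (secret_buf_open(&b, 128) != 0) return 1;
    b.p[0] = 'k';  /* constructed stand-in for secret bytes read from the user */
    printf("locked against swap: %s\n", b.locked ? "yes" : "no");
    return secret_buf_close(&b) != 0;
}
```

Locking protects only this one buffer; copies of the secret held in other buffers of the process stay pageable, which is the case encrypted swap covers.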