On Monday 20 October 2008 01:22:15 Robert Connolly wrote:
> Also, I think we talked about adding loop-aes to hlfs a long time ago,
> and it was voted against because it's a physical security thing... but
> with swap it's not. If someone has read access to the swap device
> (someone in the 'disc' group), they could find sensitive information.
> GnuPG can be configured not to use swap, but GnuPG is not the only
> package that handles passwords or private files. Can we vote again?
> Alternatively, the swap device could be configured in udev to have no
> permissions (ugo-rwx) and owned by 'swap'... or both encrypted swap and
> no permissions on the device (I like this idea best).

I am all for encrypted swap, using dm_crypt...

$ cat /etc/crypttab
swap /dev/disk/by-uuid/43c8e91d-06d4-4984-9e0f-5d521fe7daa4 /dev/urandom swap
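
The two measures discussed in this thread (a per-boot random key for swap, and no group/other read access on the swap device) can be checked with a short script. This is an added example, not part of either message; the second crypttab entry, its key file path and the sample modes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample paths other than the quoted
# crypttab entry are constructed.
# crypttab fields: <mapping name> <source device> <key source> <options>

# audit_crypttab: read crypttab-format text on stdin and print one finding
# for every swap mapping whose key would survive a reboot.
audit_crypttab() {
    while read -r name device key opts _ || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac           # blank or comment
        case ",$opts," in *,swap,*) ;; *) continue ;; esac   # swap mappings only
        case "$key" in
            /dev/urandom|/dev/random) ;;                     # new key each boot
            *) echo "$name: key source $key is not a random device" ;;
        esac
    done
}

# mode_readable_by_non_owner OCTAL_MODE: succeed when group or other holds
# the read bit, the exposure described for members of the device's group.
mode_readable_by_non_owner() {
    [ $(( 0$1 & 0044 )) -ne 0 ]
}

SAMPLE='# constructed sample; the first entry is the one quoted above
swap /dev/disk/by-uuid/43c8e91d-06d4-4984-9e0f-5d521fe7daa4 /dev/urandom swap
swap2 /dev/sdb2 /etc/keys/swap.key cipher=aes-cbc-essiv:sha256,swap'

printf '%s\n' "$SAMPLE" | audit_crypttab

for mode in 660 600 000; do
    if mode_readable_by_non_owner "$mode"; then
        echo "mode $mode: readable beyond the owner"
    else
        echo "mode $mode: not readable by group or other"
    fi
done
```

On a live system the mode argument would come from `stat -c %a` run against the swap device node.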