The problem is the way that the hard drive works. Even when the space is freed and the data is "written over" there are still traces of the data on the hard disk that can be retrieved fairly easily. By encrypting the swap even when the data is retrieved it will be useless to anyone without the password.
----- Original Message ----- From: "Lule George William" <[EMAIL PROTECTED]> To: "Ronny" <[EMAIL PROTECTED]> Cc: "Linux Users Group Uganda" <[email protected]> Sent: Tuesday, December 27, 2005 10:57 AM Subject: Re: [LUG] Why encrypt the swap partition? > Thanks Ronny for the pointers, but I am still wondering, when enough RAM > has > been freed, why should swap hang on to the objects that were kept there? > Why > not release them, the way RAM does? (Here I am assuming that you are not > doing any form of caching in the RAM) > > On Tuesday 27 December 2005 11:39, Ronny wrote: >> Thank God am still alive probably my day hasn't come yet. Well am not a >> security freak to that extent but he has a point. :-) >> >> >> 1 Encrypting your swap space >> >> /It's extremely important to encrypt swap space because if something >> sensitive is swapped out from ram to hard drive space you might end up >> needing to run DBAN over the hard drive for the best part of a week to >> make sure no one else can get it. >> loop-aes makes it very simple to encrypt swap space, and to boot it >> generates and uses a new random key each time. To enable this, simply >> modify your fstab entry for swap space:/ >> >> http://wiki.cacert.org/wiki/LoopAES#head-27cdf2c16fa1b7c4a364a5c2d57db5e492 >>2c429c >> >> >> /2 Encrypted swap space is pretty much a prerequisite for everything >> else >> because you don't want data that's encrypted on another device lying >> around decrypted in swap space. Fortunately this as well as encrypted >> file system volumes >> >> https://www.redhat.com/archives/fedora-devel-list/2004-July/msg00251.html >> >> 3 etc... :-) Unfortunately I have nothing to hide sofar >> Ronny >> Happy new year >> / >> >> ******************************************************************* >> PGP Fingerprint: 6695 794A B84E D922 88FB 73CC 6CBD 8036 B3CD 7304 >> We can't become what we need to be by remaining what we are >> ******************************************************************* >> >> Lule George William wrote: >> >Dear all, >> >Hope all of you are still alive after Christmas. Been researching on >> > something but stumbled on a posting where some guy is asking for help >> > on >> > how to encrypt the swap partition, but he didn't say why he wants to >> > encrypt it. I have tried to look at it from different perspectives, but >> > considering the circumstances that would force a machine to swap and >> > when >> > it does, the time data spends in swap, I still have failed to see why >> > someone would need to encrypt swap. Can someone help me on this before >> > I >> > dismiss the fellow as an over zealous security freak? > > -- > ************************************************************************ > Lule George William (Mr) > Network and Systems Administrator > Uganda Martyrs University, Nkozi > P.O. Box 5498 Kampala > Uganda > /* The only reason some people are alive is because it is illegal to shoot > them */ > > __________________________________ Yahoo! for Good - Make a difference this year. http://brand.yahoo.com/cybergivingweek2005/ _______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
