Afaik swap is encrypted anyway on OpenBSD On 8 Feb 2018 6:52 PM, "Tinker" <t1...@protonmail.ch> wrote:
Hi misc@, I looked through previous discussions on whether a SWAP partition should be inside or outside the RAID partition when making a crypto softraid. The only argument I stumbled into was that it should be outside because swap is encrypted anyhow and it would be unnecessary to double-encrypt the swap. That seems like a weak argument to me, because swap is generally used rarely and so speed does not really matter anyhow, and, the swap partition is always used also as dump partition, and dumps are *not* encrypted. For the case that a dump would happen, you want the OS to encrypt it and the way to do that is to put the SWAP *inside* the RAID. Maybe a crash-dump can be induced somehow. Maybe someone would get hold of the HDD while the dump data is still on the swap partition because the OS has not booted again, which would otherwise normally migrate that dump data over to the filesystem. This is an extreme consideration though as a comprehensive motivation for a choice it appears to me to make all sense. Thoughts, comments? I would probably interpret no comments as that the SWAP should indeed be located inside the RAID for this said reason. Thanks, Tinker
