Otto Moerbeek wrote: > On Fri, Dec 14, 2007 at 01:02:42PM +0100, knitti wrote: > >> Gilbert, Douglas, >> >> swap encryption on OpenBSD is done different than what you >> advise. just use a sysctl for vm.swapencrypt.enable. Much less >> maintenance headaches. > > besides, since a few releases it has been enabled by default. > > -Otto
It's not that clear if it is, at least on the version of OpenBSD 4.2 I have. It's very much a plain vanilla setup however, /etc/sysctl.conf says: #vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap To me that implies that the swap is not encrypted by default. However, checking sysctl vm.swapencrypt.enable shows that it *is* enabled by default. What would be the correct method for asking for the default sysctl.conf to be updated? -Lars