On Sat, Nov 22, 2008 at 5:48 AM, Matej Kovacic <[EMAIL PROTECTED]> wrote:
> ...
> But the problem is, that Ubuntu uses swap partition of the host machine.

this isn't much of a problem if you use encrypted swap with an ephemeral / one time key. power off the host (and wait for DRAM to drain :) and you should be in good shape. if data remanence attacks are in your threat model you've probably got bigger concerns about porting your OS around random hardware though.

regarding using the USB for full OS/swap: the duty cycle of flash memory is significantly less than disk platters. if you can make use of disk swap safely it would probably be useful to do so. booting from read only ISO media also provides some integrity benefit.

(8.10 supports LVM+LUKS which can provide the encrypted swap without the key management headaches eCryptfs avoids. and both take advantage of hardware crypto acceleration in kernel so those with VIA padlock cores and other crypto offload won't even notice the overhead!)

my $0.02

best regards,
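
Added example, not part of the original message: a small Python check that reads fstab and crypttab text and reports whether each swap area is backed by a dm-crypt mapping keyed from a random source, which is the "ephemeral / one time key" setup the reply describes. The helper name `audit_swap`, the device names and the file contents are constructed for illustration.

```python
# Added example: audit fstab/crypttab text for swap keyed with a one-time key.
# All device names and file contents below are constructed sample data.
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}

def _rows(text):
    """Yield whitespace-split fields of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def audit_swap(fstab, crypttab):
    """Map each fstab swap device to a finding string (hypothetical helper)."""
    mappings = {}
    for f in _rows(crypttab):          # fields: name, source, key file, options
        key = f[2] if len(f) > 2 else "none"
        opts = set(f[3].split(",")) if len(f) > 3 else set()
        mappings["/dev/mapper/" + f[0]] = (key, opts)
    findings = {}
    for f in _rows(fstab):             # fields: device, mountpoint, type, ...
        if len(f) < 3 or f[2] != "swap":
            continue
        dev = f[0]
        if dev not in mappings:
            # Raw partition, or an LVM volume on a LUKS PV: verify by hand.
            findings[dev] = "no crypttab mapping"
        elif mappings[dev][0] in RANDOM_KEYS and "swap" in mappings[dev][1]:
            findings[dev] = "ephemeral key"    # new random key every boot
        else:
            findings[dev] = "encrypted, persistent key"
    return findings

FSTAB_PLAIN = "/dev/sda5 none swap sw 0 0\n"
FSTAB_CRYPT = "# constructed\n/dev/mapper/cryptswap none swap sw 0 0\n"
CRYPTTAB_EPHEMERAL = "cryptswap /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256\n"
CRYPTTAB_FIXED = "cryptswap /dev/sda5 /etc/keys/swap.key luks\n"

if __name__ == "__main__":
    print(audit_swap(FSTAB_PLAIN, ""))
    print(audit_swap(FSTAB_CRYPT, CRYPTTAB_EPHEMERAL))
    print(audit_swap(FSTAB_CRYPT, CRYPTTAB_FIXED))
```

A "no crypttab mapping" result covers both a plaintext partition and swap on an LVM volume inside LUKS, so that case needs a manual look at the volume's parent device.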

