Well, you can set up encrypted swap quite easily. I am using swap
encrypted with a randomly generated key at each startup with AES-128 via
loop-aes and it is quite fast even on my older hardware (Intel Pentium M
1.7 GHz). When your swap is encrypted, you do not have to worry about
using tmpfs.
Regards,
Daniel Zavodsky
_____
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gerrard Geldenhuis
Sent: Wednesday, March 12, 2008 12:43 PM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] ramdisk vs tmpfs in terms of security
As nice as tmpfs is, the risk is not worth it unfortunately. I can't have
any decrypted data written to physical disk.
Regards
_____
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Zavodsky, Daniel
(GE Money)
Sent: 12 March 2008 10:55
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] ramdisk vs tmpfs in terms of security
I meant that even a full tmpfs may be swapped out if you are not
accessing the files and other programs need the memory. However, if you
create some files there, do operations on them and then immediately
delete them, a swap out should not occur at the time you are using the
tmpfs.
Best regards,
Daniel
_____
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gerrard Geldenhuis
Sent: Wednesday, March 12, 2008 11:35 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] ramdisk vs tmpfs in terms of security
That is a good point. However, if there are no files on the tmpfs
partition at the time of swap out, then this should not be a problem I
believe.
Regards
_____
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Zavodsky, Daniel
(GE Money)
Sent: 12 March 2008 10:08
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] ramdisk vs tmpfs in terms of security
Hello,
Be careful, tmpfs *may* be swapped out at a later time if you are
not using it actively and other programs need the memory.
Thus, always use encrypted swap if you want to be on the safe side.
Best regards,
Daniel
_____
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gerrard Geldenhuis
Sent: Wednesday, March 12, 2008 10:58 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: [rhelv5-list] ramdisk vs tmpfs in terms of security
Hi
Can anyone comment on the security concerns of tmpfs vs ramdisk if used
as scratch space to decrypt/encrypt data?
According to my understanding tmpfs should be just as safe as ramdisk as
long as you limit the size to be smaller than the actual memory
available. My only concern is what would happen if your memory is full
and you then mount a new tmpfs. Will it be written to disk in swap
space, that at least is what I understand would happen, which would not
be great. But if you assign the tmpfs at boot time then there should not
be any problem unless you grow beyond the initial size.
Regards
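
The concern running through this thread (tmpfs pages can be swapped out, so scratch data is only safe if swap is encrypted) can be checked on a running host. The script below is an added example, not part of any poster's message: it lists tmpfs mounts and reports every active swap area it cannot identify as dm-crypt. It assumes dm-crypt is recognisable by a device-mapper UUID starting with `CRYPT-`; a loop-aes swap like the one described in the thread is not detected and is reported for manual review. All function names and sample values are constructed for illustration.

```python
import os

# Constructed sample inputs in /proc/swaps and /proc/mounts format.
SAMPLE_SWAPS = (
    "Filename\tType\tSize\tUsed\tPriority\n"
    "/dev/dm-1\tpartition\t2097148\t0\t-1\n"
    "/dev/sda3\tpartition\t1048572\t512\t-2\n"
)
SAMPLE_MOUNTS = (
    "/dev/sda1 / ext3 rw 0 0\n"
    "tmpfs /dev/shm tmpfs rw 0 0\n"
    "tmpfs /mnt/scratch tmpfs rw,size=256m 0 0\n"
)
SAMPLE_DM_UUIDS = {"/dev/dm-1": "CRYPT-PLAIN-swap"}  # constructed

def parse_swaps(text):
    """Active swap devices/files from /proc/swaps content (header skipped)."""
    return [ln.split()[0] for ln in text.splitlines()[1:] if ln.strip()]

def parse_tmpfs_mounts(text):
    """Mount points whose filesystem type is tmpfs, from /proc/mounts content."""
    rows = (ln.split() for ln in text.splitlines())
    return [f[1] for f in rows if len(f) >= 3 and f[2] == "tmpfs"]

def dm_uuid(device):
    """Device-mapper UUID of a block device, '' if it is not a dm device."""
    name = os.path.basename(os.path.realpath(device))
    try:
        with open(f"/sys/block/{name}/dm/uuid") as fh:
            return fh.read().strip()
    except OSError:
        return ""

def audit(swaps_text, mounts_text, uuid_of=dm_uuid):
    """Return (tmpfs mounts, swap areas not recognised as dm-crypt).

    Only dm-crypt is recognised (its dm UUID starts with "CRYPT-"); loop-aes
    devices, swap files and zram are reported so they get a manual check.
    """
    plain = [d for d in parse_swaps(swaps_text)
             if not uuid_of(d).startswith("CRYPT-")]
    return parse_tmpfs_mounts(mounts_text), plain

if __name__ == "__main__":
    with open("/proc/swaps") as s, open("/proc/mounts") as m:
        tmpfs, plain = audit(s.read(), m.read())
    for dev in plain:
        print(f"swap not recognised as dm-crypt: {dev} (tmpfs at risk: {tmpfs})")
```

An empty second list means every active swap area was recognised as dm-crypt; with no swap configured at all the list is also empty, since there is nowhere for tmpfs pages to be written.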