Re: Q: encrypted swap
Robert Watson wrote:
> > So, I think having the option to use encrypted swap on FreeBSD would be
> > nice. Is anybody already working on this? If not, how do I get somebody
> > to work on it? ;-)
>
> There has been discussion and substantial interest in an encrypted swap
> interface on the freebsd-security mailing list in the last month or so.

Ah. I guess I didn't use the right search criteria when checking the mailing lists then. Sorry.

> So the short of it: infrastructure work is under way that should make
> encrypted swap an easy addition in the near future.

The layered approach sounds like a fine one to me. I can wait until Poul-Henning gets to it :)

Cheers,
Walter.
--
Walter Belgers [EMAIL PROTECTED]
"Si hoc signum legere potes, operis boni in rebus Latinis alacribus et fructuosis potiri potes!"

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message

Re: Q: encrypted swap
Mark Murray writes:
> > So, I think having the option to use encrypted swap on FreeBSD
> > would be nice. Is anybody already working on this? If not, how do
> > I get somebody to work on it? ;-)
> Ever since the Phoenicians invented money, there has been at least
> one guaranteed answer to that :-)

Actually, two. You can *always* work on something yourself!

Re: Q: encrypted swap
On Tue, 22 Aug 2000, Walter Belgers wrote:
> Last week I was at USENIX where Niels Provos talked about his
> implementation of encrypted swap in OpenBSD. What it does is encrypting
> all memory that gets swapped out, keeping the encryption keys in memory.
> A test showed that all kinds of interesting things wind up in the swap
> partition; Niels himself found several passwords and his PGP passphrase
> on his own laptop..
>
> So, I think having the option to use encrypted swap on FreeBSD would be
> nice. Is anybody already working on this? If not, how do I get somebody
> to work on it? ;-)

Walter,

There has been discussion and substantial interest in an encrypted swap interface on the freebsd-security mailing list in the last month or so. It was concluded that it was best to wait until Poul-Henning Kamp finished improved infrastructure, allowing the stacking of devices and layers above devices. This would allow an abstracted "encrypted device" interface, supporting everything from encrypted swap (using a randomized key) to generic protected file systems (one key per partition protecting the file system). This would give substantial protection for those of us with mobile computing devices (generally notebooks) that have a tendency to walk off in airports, for example :-).

As an interim solution, I believe we support swap over NFS, so could swap to a local CFS partition. We could also look at solutions that cause swap partitions to be blanked at shutdown, although that's an inferior solution to true encrypted swap, as one tends to trust strong crypto a little more than the ability to delete the contents of magnetic disk platters :-).

So the short of it: infrastructure work is under way that should make encrypted swap an easy addition in the near future.

Robert N M Watson [EMAIL PROTECTED] http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

Re: Q: encrypted swap
> So, I think having the option to use encrypted swap on FreeBSD
> would be nice. Is anybody already working on this? If not, how do
> I get somebody to work on it? ;-)

Ever since the Phoenicians invented money, there has been at least one guaranteed answer to that :-)

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

Q: encrypted swap
Hi,

Last week I was at USENIX where Niels Provos talked about his implementation of encrypted swap in OpenBSD. What it does is encrypting all memory that gets swapped out, keeping the encryption keys in memory. A test showed that all kinds of interesting things wind up in the swap partition; Niels himself found several passwords and his PGP passphrase on his own laptop..

So, I think having the option to use encrypted swap on FreeBSD would be nice. Is anybody already working on this? If not, how do I get somebody to work on it? ;-)

Cheers,
Walter.
--
Walter Belgers [EMAIL PROTECTED]
"Si hoc signum legere potes, operis boni in rebus Latinis alacribus et fructuosis potiri potes!"