On Monday 03 June 2002 10:25 pm, you wrote:
[snip]
> > > Why bother encrypting my swap? Losta passwords go in there in
> > > plaintext, easily recoverable with a boot disk.
> >
> > Hrm, I'd argue that this isn't true. Many applications specifically pin
> > pages so they aren't swappable (I.e. ssh). Not to mention a healthy
> > linux box shouldn't be swapping bins out to disk while they are being
> > actively used. Have you ever found a password there?
>
> Yea, I grep'ed it for fragments of several passwords I use and found them.

I'm a little skeptical. What size fragment? Statistically, you may find an arbitrary sequence if it's short enough. Did you actually try this after having booted with a boot disk?

Even assuming it is a potential problem, has anyone done some simple web research? This *cannot* be a new concern. Before people start throwing around possible solutions, fixes, patches, etc. it would be good to look around for what is already known here, and it's certain to be quite a bit. Here are two interesting references I found in 30 seconds:

http://www.citi.umich.edu/u/provos/papers/swapencrypt.ps.gz
http://mail-index.netbsd.org/tech-kern/2001/06/04/0013.html

In short, I think one has to be severely paranoid to want to pay the costs (performance, physical security, time, labor, risk of data loss--forgetting password--etc.) associated with this. A cost/benefit analysis is called for.

shawn.

_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
