encrypting swap (was Re: TEST)

["Mr. Shannon Aldinger" <god@yinyang.hjsoft.com>]

On Mon, 7 Aug 2000, L. Besselink wrote:

> On Mon, 7 Aug 2000, Fire Dragon wrote:
> 
> have no idea, but if you can encrypt filesystems, why then not a swapfile
> (yes file), improving on swapfile performance would be greatly
> appreciapted by people anyway. You could also look into creating an
> encrypted swap as you are doing now, by patching your kernel first with
> kerneli.org patches.
>
These patches use the loopback feature, so if your swap partition is
/dev/hda2. The you setup /dev/loop2 for instance to point out to
/dev/hda2, tell it what type of encryption and feed it the key. Then run
swapon /dev/loop2 instead of /dev/hda2, then your swap is encrypted.
I've done this by hand a while back and it worked, never tryied automating
it in the init scripts.
 
> Those are at kerneli.org, but don't expect them to be added to the
> mainstream kernels just yet. Apart from coding style and so on (which
> could be a reason), Linus won't let it happen just yet, but eventually it
> will, so just go help them and it will be in the mainstream kernels soon
> enough.
> 
They also aren't getting included due to the US's munitions export
laws. Yes, cryptography falls under the same rules as 50mm shells, and
nukes. So don't expect the kerneli.org patches to get merged until after
those rules go away. Since Linus is in the US, his code and the whole
kernel falls under US export law, if he adds encryption.



Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/