[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: encrypting swap (was Re: TEST)

To: "Mr. Shannon Aldinger" <god@yinyang.hjsoft.com>
Subject: Re: encrypting swap (was Re: TEST)
From: James Stevenson <mistral@stevenson.zetnet.co.uk>
Date: Mon, 7 Aug 2000 14:41:56 +0000 (GMT)
cc: kernel-audit@nl.linux.org
In-Reply-To: <Pine.LNX.4.21.0008070905570.7070-100000@yinyang.hjsoft.com>
Sender: owner-kernel-audit@nl.linux.org


Hi

one of the things that i though was what is the point in encrypting the
swap file under linux i do not see any benifits
it would be slower
no added security (/proc/kcore ?) unless the person who set the system
up has left the swap world readable (duh) if you are root you can just
poke around the processes memory anyway

cya
	JAmes


On Mon, 7 Aug 2000, Mr. Shannon Aldinger wrote:

> On Mon, 7 Aug 2000, L. Besselink wrote:
> 
> > On Mon, 7 Aug 2000, Fire Dragon wrote:
> > 
> > have no idea, but if you can encrypt filesystems, why then not a swapfile
> > (yes file), improving on swapfile performance would be greatly
> > appreciapted by people anyway. You could also look into creating an
> > encrypted swap as you are doing now, by patching your kernel first with
> > kerneli.org patches.
> >
> These patches use the loopback feature, so if your swap partition is
> /dev/hda2. The you setup /dev/loop2 for instance to point out to
> /dev/hda2, tell it what type of encryption and feed it the key. Then run
> swapon /dev/loop2 instead of /dev/hda2, then your swap is encrypted.
> I've done this by hand a while back and it worked, never tryied automating
> it in the init scripts.
>  
> > Those are at kerneli.org, but don't expect them to be added to the
> > mainstream kernels just yet. Apart from coding style and so on (which
> > could be a reason), Linus won't let it happen just yet, but eventually it
> > will, so just go help them and it will be in the mainstream kernels soon
> > enough.
> > 
> They also aren't getting included due to the US's munitions export
> laws. Yes, cryptography falls under the same rules as 50mm shells, and
> nukes. So don't expect the kerneli.org patches to get merged until after
> those rules go away. Since Linus is in the US, his code and the whole
> kernel falls under US export law, if he adds encryption.
> 
> 
> 
> Kernel-audit:  discussion list for security and the linux kernel
> Archive:       http://mail.nl.linux.org/kernel-audit/
> 

-- 
---------------------------------------------
Check Out: http://www.users.zetnet.co.uk/james/
E-Mail: mistral@stevenson.zetnet.co.uk
  2:30pm  up 22:06,  8 users,  load average: 0.15, 0.35, 0.34


Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/

Follow-Ups:
- Re: encrypting swap (was Re: TEST)
  - From: Denis Ducamp <Denis.Ducamp@hsc.fr>
- Re: encrypting swap (was Re: TEST)
  - From: Pollei <sjp@toolbuilders.com>
- Re: encrypting swap (was Re: TEST)
  - From: Alexander Schreiber <Alexander.Schreiber@Informatik.TU-Chemnitz.DE>

References:
- encrypting swap (was Re: TEST)
  - From: "Mr. Shannon Aldinger" <god@yinyang.hjsoft.com>

Prev by Date: RE: TEST
Next by Date: Re: TEST
Prev by thread: Re: encrypting swap (was Re: TEST)
Next by thread: Re: encrypting swap (was Re: TEST)
Index(es):
- Date
- Thread