
Re: encrypting swap (was Re: TEST)



On Mon, 7 Aug 2000, James Stevenson wrote:

> 
> Hi
> 
> one of the things that i thought was what is the point in encrypting the
> swap file under linux i do not see any benefits
> it would be slower
> no added security (/proc/kcore ?) unless the person who set the system
> up has left the swap world readable (duh) if you are root you can just
> poke around the processes memory anyway

The idea is not to protect you from someone gaining access as root to the
_running_ machine. Rather the scenario is as follows:

- you have a machine with sensitive data - a laptop for instance
- whenever the machine is running, it is sufficiently secure from 
  direct unauthorized access (because it is locked down real tight ->
  no unauthorized remote root access, you are sitting in front of it
  -> no unauthorized console access),
- what happens if someone gains physical access to the machine after you
  turned it off - for instance it gets stolen?
  - attacker has physical access, so he can do _everything_ to the system
    to get at your data
  - all filesystems are encrypted, so no way to access them
  - _but_ the swap is normally wide open and very likely contains some
    sensitive data (paged out pages from processes handling said data),
    maybe even the password to access the filesystems
 
This is where encrypted swap comes in: without the key, even the swapspace
contains only garbage. The key is generated new at each boot (with enough
random in it, maybe by doing an md5sum of ps -auxwww), and then thrown
away. This way the swap cannot be decrypted after reboot.

Regards,
        Alex.
-- 
------------------------------------------------------------------------------ 
 EMail : als@thangorodrim.de              | WWW : http://www.thangorodrim.de/
 "I think there's a world market for about five computers."
         -- attr. Thomas J. Watson (Chairman of the Board, IBM), 1943
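
Added example, not part of the original message: a check a defender can run to confirm that the active swap areas are actually backed by an encrypted device-mapper mapping, which the stolen-laptop scenario above depends on. The sample /proc/swaps text and dm UUIDs are constructed, and treating a UUID prefix of "CRYPT-" as the marker of a cryptsetup mapping is an assumption about current tooling.

```python
import os

# Constructed sample of /proc/swaps (not taken from the original message).
SAMPLE_SWAPS = """\
Filename                                Type            Size            Used            Priority
/dev/dm-1                               partition       8388604         0               -2
/dev/sda2                               partition       2097148         1024            -3
/swapfile                               file            1048572         0               -4
"""
# Constructed dm UUIDs, in the form /sys/block/<dev>/dm/uuid would report them.
SAMPLE_DM_UUIDS = {"dm-1": "CRYPT-PLAIN-cryptswap"}


def sysfs_dm_uuid(dev_name):
    """Return the device-mapper UUID of a block device, or None if it has none."""
    try:
        with open(f"/sys/block/{dev_name}/dm/uuid") as fh:
            return fh.read().strip()
    except OSError:
        return None


def classify_swaps(swaps_text, dm_uuid=sysfs_dm_uuid):
    """Map each active swap area to 'encrypted', 'plaintext' or 'check-backing-fs'."""
    result = {}
    for line in swaps_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 2:
            continue
        path, kind = fields[0], fields[1]
        if kind == "file":
            # A swap file is only as protected as the filesystem holding it.
            result[path] = "check-backing-fs"
            continue
        # Resolve /dev/mapper/<name> symlinks to the underlying dm-N node.
        dev_name = os.path.basename(os.path.realpath(path))
        uuid = dm_uuid(dev_name) or ""
        # Assumption: cryptsetup-created mappings carry a UUID starting "CRYPT-".
        result[path] = "encrypted" if uuid.startswith("CRYPT-") else "plaintext"
    return result


if __name__ == "__main__":
    try:
        with open("/proc/swaps") as fh:
            report = classify_swaps(fh.read())
    except OSError:
        report = classify_swaps(SAMPLE_SWAPS, SAMPLE_DM_UUIDS.get)
    for path, status in report.items():
        print(f"{status:18} {path}")
```

Any swap area reported as plaintext can still hold paged-out secrets after power-off, even when every filesystem on the machine is encrypted.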


Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/