[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: encrypting swap

To: kernel-audit@nl.linux.org
Subject: Re: encrypting swap
From: Tim Robbins <fyre@box3n.gumbynet.org>
Date: Fri, 18 Aug 2000 13:29:44 +1000 (EST)
In-Reply-To: <20000817164401.A5295@lemuria.org>
Sender: owner-kernel-audit@nl.linux.org

Just my thoughts on this...

Use mlock() and munlock() to stop the memory getting paged to disk. It's
much harder (impossible?) to retrieve data from memory after it's been
zeroed or after the machine has been turned off. 

Quite a few programs do something similar to this but I can't think of any
examples right now. Since mlock and friends are not portable, I've seen
some programs just memset the sensitive data to zero.

I think encrypting swap would be hard to do quickly and securely - compare
copying a file across a network using scp to using ftp. On low end
hardware, the ftp transfer can go 10-20 times faster.

Tim


--
Tim Robbins
fyre@box3n.gumbynet.org



Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/

Follow-Ups:
- Re: encrypting swap
  - From: Tom Vogt <tom@lemuria.org>

References:
- Re: encrypting swap
  - From: Tom Vogt <tom@lemuria.org>

Prev by Date: RE: encrypting swap
Next by Date: Re: encrypting swap
Prev by thread: Re: encrypting swap
Next by thread: Re: encrypting swap
Index(es):
- Date
- Thread