From owner-freebsd-current  Sat Jan 11  3:43:23 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0CEE437B401
	for <freebsd-current@FreeBSD.ORG>; Sat, 11 Jan 2003 03:43:22 -0800 (PST)
Received: from HAL9000.homeunix.com (12-233-57-224.client.attbi.com [12.233.57.224])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9375943F6D
	for <freebsd-current@FreeBSD.ORG>; Sat, 11 Jan 2003 03:43:21 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Received: from HAL9000.homeunix.com (localhost [127.0.0.1])
	by HAL9000.homeunix.com (8.12.6/8.12.5) with ESMTP id h0BBhIIZ005066;
	Sat, 11 Jan 2003 03:43:18 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Received: (from das@localhost)
	by HAL9000.homeunix.com (8.12.6/8.12.5/Submit) id h0BBhIXN005065;
	Sat, 11 Jan 2003 03:43:18 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Date: Sat, 11 Jan 2003 03:43:18 -0800
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: Lucky Green <shamrock@cypherpunks.to>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: 5.0 without swap
Message-ID: <20030111114318.GD3961@HAL9000.homeunix.com>
Mail-Followup-To: Lucky Green <shamrock@cypherpunks.to>,
	freebsd-current@FreeBSD.ORG
References: <20030111110819.1be840f1.flynn@energyhq.homeip.net> <00ba01c2b95a$8d385670$6601a8c0@VAIO650>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <00ba01c2b95a$8d385670$6601a8c0@VAIO650>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

Thus spake Lucky Green <shamrock@cypherpunks.to>:
> Miguel wrote:
> > Having no swap will prevent you from getting crashdumps in 
> > case of panic which, if you run 5.0, is not that unusual. 
> > Besides these days harddrives cost $1/GB, so why not setup 
> > the swap partition anyway?
> 
> I don't want cleartext cryptographic keys to ever touch magnetic media,
> thus potentially opening the door to future forensic analysis.

You can accomplish that by wiring the pages containing your
cryptographic keys, rather than effectively wiring every page in
the system by having no swap space.  Alternatively, unless you're
really paranoid, it's probably sufficient to write over your swap
partition with random data before you shut down the system.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message