Date: Mon, 27 Aug 2001 21:59:14 -0400
From: Brian T.Schellenberger <bts@babbleon.org>
To: Damage <damage_z@yahoo.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: encrypted swap
Message-ID: <01082721591401.26623@i8k.babbleon.org>
In-Reply-To: <20010827090337.21931.qmail@web10406.mail.yahoo.com>
References: <20010827090337.21931.qmail@web10406.mail.yahoo.com>

On Monday 27 August 2001 05:03, Damage wrote:
> Hello,
>
> Can someone point me to helpful reference on building encrypted swap under
> FBSD 4.x? I've been doing a little reading up on 'cfs' and searched through
> TrustedBSD to no avail.

I use cfs, and it's pretty cool, but swap space doesn't use a file system in the usual sense, so you couldn't use it for that, I don't think.

But I wonder why you want to encrypt swap, anyway; it would be dreadfully slow.

I have two suggestions for making sure that your security isn't broken via swap vulnerabilities:

First, memory is cheap these days. Buy enough memory to truly meet your needs and then simply disable swap altogether. No memory is persisted, no worries.

Second, if you don't like that . . .

Remember, anybody who can read swap on the live machine must have root access, in which case they can read /dev/kmem, in which case, encrypting swap won't protect you.

So hopefully you are more worried about somebody getting information from the machine after it's shut down. Why not just add some code to the shutdown sequence, after the swap is turned off, to re-write the swap space with zeros or something?
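
The shutdown-time overwrite suggested in the message above could look like the following sketch, which is an added example and not part of the original e-mail. It assumes the swap areas are listed in an fstab-format file and that the shutdown sequence has already turned swap off; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: zero-fill swap areas once swap has been turned off.
# Function names and the fstab-driven design are assumptions of this example.

# Print the device field of each fstab entry whose type field is "swap".
swap_devices() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# Succeed if "$1" is listed as active swap, or if that cannot be determined.
swap_is_active() {
    if command -v swapinfo >/dev/null 2>&1; then
        swapinfo | awk -v d="$1" '$1 == d { hit = 1 } END { exit !hit }'
    elif [ -r /proc/swaps ]; then
        awk -v d="$1" '$1 == d { hit = 1 } END { exit !hit }' /proc/swaps
    else
        return 0    # no way to check: treat as active and leave it alone
    fi
}

# Overwrite a swap file (exactly its current length) or a device (to its end).
zero_fill() {
    if [ -f "$1" ]; then
        size=$(wc -c < "$1")
        full=$(( size / 65536 ))
        rest=$(( size % 65536 ))
        if [ "$full" -gt 0 ]; then
            dd if=/dev/zero of="$1" bs=65536 count="$full" conv=notrunc 2>/dev/null
        fi
        if [ "$rest" -gt 0 ]; then
            dd if=/dev/zero of="$1" bs=1 seek=$(( full * 65536 )) \
                count="$rest" conv=notrunc 2>/dev/null
        fi
    elif [ -c "$1" ] || [ -b "$1" ]; then
        # dd stops with "no space left" at the end of the device; expected.
        dd if=/dev/zero of="$1" bs=65536 2>/dev/null || true
    else
        echo "not a swap file or device: $1" >&2
        return 1
    fi
}

# Zero every inactive swap area named in the fstab-format file "$1".
wipe_all() {
    for dev in $(swap_devices "$1"); do
        if swap_is_active "$dev"; then
            echo "skipping $dev: active swap or state unknown" >&2
        else
            zero_fill "$dev"
        fi
    done
}

if [ "$#" -gt 0 ]; then wipe_all "$1"; fi
```

Run with the fstab path as its only argument from the point in the shutdown sequence where swap is no longer in use; an area that still shows up as active swap is skipped rather than overwritten.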