Re: Encrypted Swap

From: Brian May (bam@snoopy.apana.org.au)
Date: Tue Aug 07 2001 - 04:52:23 EST


>>>>> "Steve" == Steve VanDevender <stevev@efn.org> writes:

    Steve> The obvious approach to me would be to generate a random
    Steve> session key at boot time and use that for
    Steve> encrypting/decrypting swap pages. If the machine is
    Steve> unplugged and the disk pulled out, then the swap area on
    Steve> that disk could not be recovered by the attacker, who

Example: disk is faulty and will no longer work. How do you guarantee
that nobody will be able to read it after you toss it out OR return it
to the manufacturer to claim for warranty?

(Of course, encrypting swap space is only part of the solution; here
you need to encrypt everything.)

-- 
Brian May <bam@snoopy.apana.org.au>