Re: encrypted swap (was Re: [PATCH encrypted swsusp 1/3] core functionality)

From: Bodo Eggert <harvested.in.lkml@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu Apr 14 2005 - 05:59:00 EST

Next message: Christoph Hellwig: "Re: [linux-iscsi-devel] [ANNOUNCE] open-iscsi and linux-iscsi project teams have merged!"
Previous message: Christoph Hellwig: "Re: [patch 134/198] officially deprecate register_ioctl32_conversion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andy Isaacson <adi@xxxxxxxxxxxxx> wrote:

> * the key is automatically regenerated every 2 hours (or whatever); as
> pages encrypted under the old key age out, it can be freed eventually

Changing the key would not help, since if you can get the swap pages on
a running system, you can also get the keys, and if you are using a limited
set of keys (you obviously want that), using more than one key will just add
a small linear factor to cracking the whole swap data of an offline system.
--
Field experience is something you don't get until just after you need it.

Friß, Spammer: info@xxxxxxxxxxxxx webmaster@xxxxxxxxx borrowed@xxxxxxxxxxxxx
graspable9755@xxxxxxxxxxxx zm-e@xxxxxxxx several@xxxxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Hellwig: "Re: [linux-iscsi-devel] [ANNOUNCE] open-iscsi and linux-iscsi project teams have merged!"
Previous message: Christoph Hellwig: "Re: [patch 134/198] officially deprecate register_ioctl32_conversion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]