Ross Boylan put forth on 1/8/2010 1:53 PM:
> On Fri, 2010-01-08 at 05:26 -0600, Stan Hoeppner wrote:
>>
>> Never run encryption on swap. Doing so merely burdens performance. I doubt
>> even NSA, CIA, MI6 encrypt swap partitions on workstations.
>
> This is completely contrary to the advice of the encryption folks.

Car salesmen want to sell you a new car too, not that you necessarily need a new one.

> You MUST encrypt swap in order for your system to be secure; otherwise
> secrets in RAM may be recoverable from the swap partition.

*MUST*? Always be careful when stating absolutes. There is always more than one way to skin a cat. Such as adding the following to rc.local:

/sbin/swapoff -a
/bin/dd if=/dev/zero of=/dev/sda5
# dd also wipes the swap signature; run mkswap on the device before the next swapon

changing sda5 to your swap partition device ID or filename if you're using a swap file instead of a partition. Depending on your disk speed and swap device size it'll add anywhere from 15 secs up to a minute or so to your shutdown time. But your swap will be zeroed. Zeros can't be decrypted, even if a cracker somehow got hold of the keys to the kingdom. ;)

-- 
Stan
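The swap-zeroing procedure above, written out as a complete shutdown hook. This is an added example and not code from the original post or from Debian; it assumes Linux with util-linux (swapoff, blkid, mkswap) and GNU coreutils (dd, head, tr). It differs from the two-line version in that it finds every active swap area from /proc/swaps instead of hard-coding one device, handles swap files as well as partitions, and re-creates the swap signature with the original UUID so an /etc/fstab entry keyed on UUID still works at the next boot.

```sh
#!/bin/sh
# Added example, not from the original post: a shutdown hook that zeroes every
# active swap area and re-initialises it so swapon succeeds at the next boot.
# Assumes Linux with util-linux (swapoff, blkid, mkswap) and GNU coreutils.

# Print the device or file path of every active swap area. Reads /proc/swaps
# format on stdin: a header line, then "path type size used priority" lines.
list_swap_devices() {
    awk 'NR > 1 && ($2 == "partition" || $2 == "file") { print $1 }'
}

# Overwrite one swap area with zeros. A block device is written until dd hits
# end-of-device (dd then exits non-zero on ENOSPC, which is expected). A regular
# swap file is overwritten in place for exactly its current length, so the
# inode and its size stay intact for the later mkswap.
zero_area() {
    path=$1
    if [ -b "$path" ]; then
        dd if=/dev/zero of="$path" bs=4M conv=fsync 2>/dev/null || true
    else
        size=$(wc -c < "$path" | tr -d ' ')
        head -c "$size" /dev/zero | dd of="$path" conv=notrunc,fsync 2>/dev/null
    fi
}

# Verify that a file or device now contains nothing but zero bytes
# (returns 0 when it does). Reads the whole area, so use it for spot checks.
is_all_zero() {
    [ "$(tr -d '\0' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# The actual hook (needs root). Deactivate swap first, otherwise the kernel
# keeps writing pages into the area while dd is zeroing it. dd destroys the
# swap signature, so mkswap is re-run; -U keeps the old UUID so an /etc/fstab
# line of the form "UUID=... none swap sw 0 0" still matches.
wipe_all_swap() {
    swaps=$(list_swap_devices < /proc/swaps)
    swapoff -a
    for s in $swaps; do
        uuid=$(blkid -s UUID -o value "$s")
        zero_area "$s"
        mkswap -U "$uuid" "$s" >/dev/null
    done
}

# Only wipe when explicitly asked, so sourcing or testing this file is harmless.
if [ "${1:-}" = "--wipe" ]; then
    wipe_all_swap
fi
```

Invoke it as `sh wipe-swap.sh --wipe` from a script that runs during shutdown (after services that might still swap have stopped). Two caveats a practitioner should keep in mind: zeroing swap also destroys any hibernation image stored there, so do not run the hook on a suspend-to-disk path; and it only ever runs on an orderly shutdown, so a crash, a pulled plug or a machine taken while running leaves the swap contents in place.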