On 1/8/2010 3:32 PM, Stan Hoeppner wrote:
> Ross Boylan put forth on 1/8/2010 1:53 PM:
>> On Fri, 2010-01-08 at 05:26 -0600, Stan Hoeppner wrote:
>>> Never run encryption on swap. Doing so merely burdens performance. I doubt
>>> even NSA, CIA, MI6 encrypt swap partitions on workstations.
>> I bet every three-letter agency encrypts swap, or does without swap.
>> This is completely contrary to the advice of the encryption folks.
> Car salesmen want to sell you a new car too, not that you necessarily need a new
> one.
>> You MUST encrypt swap in order for your system to be secure; otherwise
>> secrets in RAM may be recoverable from the swap partition.
> *MUST*? Always be careful when stating absolutes. There is always more than
> one way to skin a cat. Such as adding the following to rc.local:
>
> /sbin/swapoff -a
> /bin/dd if=/dev/zero of=/dev/sda5
>
> changing sda5 to your swap partition device ID or filename if you're using a
> swap file instead of a partition. Depending on your disk speed and swap device
> size it'll add anywhere from 15 secs up to a minute or so to your shutdown time.
> But your swap will be zero'd. Zeros can't be decrypted, even if a cracker
> somehow got hold of the keys to the kingdom. ;)
> --
> Stan

Swap should always be encrypted on the principle of presenting minimal
attack surface. A running machine can have its cord yanked, and where
is your init script then? Yes, even a battery-powered laptop is
vulnerable to forensics if caught red-handed, or in the case of evil
maid attacks, etc. Paranoids have enemies, too.
I know that many irresponsible people put employee data on a laptop and
then lose the machine. A good IT man plans for such boneheaded
behavior. It's like defensive driving. It's the *other* guy you have
to look out for, not yourself.
Mark Allums
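
The reply above argues that a shutdown-time wipe never runs if power is cut, whereas swap that is re-keyed at every boot leaves nothing readable behind. As an added example (not part of the thread, and not any poster's code), this script audits an fstab/crypttab pair for swap entries that are not behind a dm-crypt mapping. The mapping name `cryptswap`, the sample files, and the rule that encrypted swap is referenced as `/dev/mapper/<name>` are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: audit_swap FSTAB CRYPTTAB
# Prints one line per swap entry in FSTAB and returns 1 if any is plaintext.
# Assumption: encrypted swap appears in fstab as /dev/mapper/<name>, where
# <name> is the first field of a crypttab line.
audit_swap() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        FILENAME == ARGV[1] {                  # crypttab: name device keyfile options
            # Random key file + "swap" option: new key and mkswap at every
            # boot, so whatever was paged out before is unreadable afterwards.
            rnd = ($3 == "/dev/urandom" || $3 == "/dev/random")
            eph = (rnd && index("," $4 ",", ",swap,") > 0)
            kind["/dev/mapper/" $1] = eph ? "ephemeral-key" : "persistent-key"
            next
        }
        $3 == "swap" {                         # fstab: spec mountpoint type ...
            if ($1 in kind) print "ENCRYPTED(" kind[$1] ") " $1
            else { print "PLAINTEXT " $1; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample files: the plain /dev/sda5 swap layout from the thread,
# then the same partition behind a mapping (hypothetical name "cryptswap").
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '/dev/sda1 / ext3 defaults 0 1' \
                  '/dev/sda5 none swap sw 0 0' > "$d/fstab.plain"
    : > "$d/crypttab.none"
    printf '%s\n' '/dev/sda1 / ext3 defaults 0 1' \
                  '/dev/mapper/cryptswap none swap sw 0 0' > "$d/fstab.crypt"
    printf '%s\n' '# <name> <device> <key file> <options>' \
                  'cryptswap /dev/sda5 /dev/urandom swap,cipher=aes-xts-plain64,size=256' \
                  > "$d/crypttab.crypt"
    audit_swap "$d/fstab.plain" "$d/crypttab.none"
    audit_swap "$d/fstab.crypt" "$d/crypttab.crypt"
    rm -rf "$d"
}
demo || true
```

On a live system the same function can be pointed at `/etc/fstab` and `/etc/crypttab`; swap entries given by UUID or LABEL are reported as plaintext under the stated assumption and need a manual look.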