Subject: Re: encrypted swap?
To: None <mrfusion@umbar.vaxpower.org, wojtek@wojtek.3miasto.net>
From: None <eeh@netbsd.org>
List: tech-kern
Date: 06/04/2001 14:25:56
	I think the zero-out the swap on shutdown is more important than the 
	encryption while running, and should be a lot easier and less painful on 
	CPU. If someone can compromise the system enough to get permissions to 
	read the swap device directly (if it's properly protected to begin with) 
	then he can directly read kmem or do anything else he wishes with the 
	system anyhow. However, I would say that an attack on a swap device is most
	likely and serious when a machine is offline and the device can be physically
	manipulated - and there, zeroing out at shutdown is a pretty cheap way to
	defeat that. That would be a very useful thing to have. Actually it could 
	also be done by just dd'ing /dev/zero to the swap devices listed in 
	/etc/fstab, from the shutdown or halt commands... 

In most cases if someone has physical access to the swap partition
he also has physical access to the root partition with the encrypted
passwords.  If someone has physical access to a disk you lose.  There's
little point in worrying about encrypted swap before you implement
encrypted filesystems.  (And even then, once you've implemented an
encrypted filesystem you can swap to an encrypted file, so encrypting
or even zeroing swap is silly even then.)

Eduardo
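
The dd-over-fstab idea from the quoted message, sketched as an added example that is not part of either message or of NetBSD's shutdown code. The function names and the `WIPE_SWAP` switch are hypothetical, and it assumes whitespace-separated fstab fields with the type in the third column and that it runs late in shutdown, once swap is no longer in use.

```shell
#!/bin/sh
# Added example: find swap devices in an fstab-format file and zero them.
# Dry-run by default: it only prints the dd commands it would run.
# Set WIPE_SWAP=yes (hypothetical switch) to actually overwrite the devices.

# Print the device field of every non-comment entry whose type is "swap".
swap_devices() {
    # $1: path to an fstab-format file
    awk '$1 !~ /^#/ && NF >= 3 && $3 == "swap" { print $1 }' "$1"
}

# Print (dry-run) or execute one dd per swap device found in the fstab.
wipe_swap() {
    fstab=${1:-/etc/fstab}
    for dev in $(swap_devices "$fstab"); do
        if [ "${WIPE_SWAP:-no}" != yes ]; then
            echo "dd if=/dev/zero of=$dev bs=64k"
            continue
        fi
        # Only write to real device nodes; a mistyped path would otherwise
        # make dd create a regular file and fill the filesystem.
        if [ -b "$dev" ] || [ -c "$dev" ]; then
            # dd stops with an error when it reaches the end of the device;
            # that is the expected way for this loop iteration to finish.
            dd if=/dev/zero of="$dev" bs=64k 2>/dev/null
        else
            echo "skip $dev: not a device node" >&2
        fi
    done
}

# Usage from a shutdown hook:  wipe_swap /etc/fstab
```

Zeroing this way only covers an orderly shutdown; a machine that loses power or is pulled from the rack leaves swap contents on disk.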