Subject: Re: encrypted swap
To: None <tech-kern@netbsd.org>
From: Niels Provos <provos@citi.umich.edu>
List: tech-kern
Date: 06/04/2001 13:43:04

>I think the zero-out the swap on shutdown is more important than the
>encryption while running, and should be a lot easier and less painful
>on cpu.

May I suggest that you read the paper that I wrote about swap encryption.
You can find a copy of "Encrypting Virtual Memory" at

http://www.citi.umich.edu/u/provos/cv.html#papers

It contains the rationale for encryption, and also discusses the
disadvantages of zeroing out pages on the swap partition. As always,
it all depends on the kind of adversary that you want to protect
against.

Niels.