Subject: Re: encrypted swap?
To: Lord Isildur <>
From: Greywolf <>
List: tech-kern
Date: 06/04/2001 11:18:52
On Mon, 4 Jun 2001, Lord Isildur wrote:

# system anyhow. however, i would say thiat an attack on a swap device is most
# likely and serious when a machine is offline and the device can be physically
# manipulated- and there, zeroing out at shutdown is a pretty cheap way to
# defeat that. that would be a very useful thing to have. actually it could
# also be done bu just dd'ing /dev/zero to the swap devices listed in
# /etc/fstab, from the shutdown or halt commands...

Okay, has anyone given any thought to what's possible if someone can
force a panic and then interrupt the reboot?  Or if they can cut power?

(this goes back to the very premise that if you've got physical access
 to the machine - especially its guts - it is not secure.  Period.)

# is there any hardware that encrypts/decrypts data to/from disk? thats where
# it ought to be done.. (of course, i think network interfaces ought to do
# encryption in hardware too :-)

Oh, just you wait.  They're coming out with Copyright Protection on
hard drives; encryption is either part of that or won't be too hard
to implement.

This depends on how many people sign up for that nonsense.

# my .02
# isildur

NetBSD: it'll be there when you're ready for it.