Subject: Re: encrypted swap?
To: Lord Isildur <firstname.lastname@example.org>
From: Greywolf <email@example.com>
Date: 06/04/2001 11:18:52
On Mon, 4 Jun 2001, Lord Isildur wrote:
# system anyhow. however, i would say that an attack on a swap device is most
# likely and serious when a machine is offline and the device can be physically
# manipulated- and there, zeroing out at shutdown is a pretty cheap way to
# defeat that. that would be a very useful thing to have. actually it could
# also be done by just dd'ing /dev/zero to the swap devices listed in
# /etc/fstab, from the shutdown or halt commands...
Okay, has anyone given any thought to what's possible if someone can
force a panic and then interrupt the reboot? Or if they can cut power?
(this goes back to the very premise that if you've got physical access
to the machine - especially its guts - it is not secure. Period.)
# is there any hardware that encrypts/decrypts data to/from disk? that's where
# it ought to be done.. (of course, i think network interfaces ought to do
# encryption in hardware too :-)
Oh, just you wait. They're coming out with Copyright Protection on
hard drives; encryption is either part of that or won't be too hard
This depends on how many people sign up for that nonsense.
# my .02
NetBSD: it'll be there when you're ready for it.
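
The shutdown-time zeroing suggested in the quoted text, sketched as an added example that is not part of the original message or of NetBSD's shutdown scripts. It assumes fstab swap entries carry "swap" in the third field; the function names and the WIPE variable are hypothetical. As the reply points out, it only runs on a clean shutdown, so a forced panic or a power cut skips it.

```shell
#!/bin/sh
# Added example: zero the swap areas named in an fstab during shutdown.
# Assumption: fields are "spec file vfstype options ..." and swap entries
# have vfstype "swap". Call wipe_swap late in shutdown, after swap is off.

# Print the device (first field) of every non-commented swap entry.
swap_targets() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# Overwrite one target with zeros. A regular file (swap file, or a stand-in
# used for testing) is bounded by its current size; a device node is written
# until it is full.
zero_target() {
    if [ -f "$1" ]; then
        size=$(( $(wc -c < "$1") ))
        # bs=1 keeps the length exact; conv=notrunc overwrites in place.
        dd if=/dev/zero of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null
    else
        # dd exits non-zero on reaching the end of the device; that is expected.
        dd if=/dev/zero of="$1" bs=64k 2>/dev/null || true
    fi
}

# Dry run by default: report what would be zeroed. Set WIPE=1 to overwrite.
wipe_swap() {
    for dev in $(swap_targets "$1"); do
        if [ "${WIPE:-0}" = 1 ]; then
            zero_target "$dev"
        else
            echo "would zero $dev"
        fi
    done
}
```
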