Subject: Re: encrypted swap?
To: Darren Reed <>
From: Michael K. Sanders <>
List: tech-kern
Date: 06/04/2001 14:47:32
[ why is this more appropriate for tech-kern than tech-security? ]

Darren Reed writes:
>In some email I received from Michael K. Sanders, sie wrote:
>> Has anyone looked at the encrypted swap option Niels Provos added
>> to UVM in OpenBSD?

Judging by all the other responses, the answer to my query is a
resounding "No".  Niels was kind enough to post a reference to 
his paper, I'll include it here again.  This discussion would 
benefit greatly if people read it before commenting.

There are also PDF and image versions available at:

>No, but I've been thinking about what it'd take to add that sort of
>feature to NetBSD.

Given that it has already been implemented for UVM, my initial reaction
would be "not very much", unless OpenBSD has managed to diverge
significantly already. :)

>I'm also interested in adding a "zero-swap on shutdown" feature that
>writes 0's over the entire swap partition when the box is shutdown
>normally (not a panic).

If the encryption keys are volatile, as discussed in the paper, you
get the irrecoverability on reboot benefit anyway.

:: Mike ::