[ why is this more appropriate for tech-kern than tech-security? ]

Darren Reed writes:
>In some email I received from Michael K. Sanders, sie wrote:
>> Has anyone looked at the encrypted swap option Niels Provos added
>> to UVM in OpenBSD?

Judging by all the other responses, the answer to my query is a
resounding "No".  Niels was kind enough to post a reference to 
his paper, I'll include it here again.  This discussion would 
benefit greatly if people read it before commenting.

http://www.citi.umich.edu/u/provos/papers/swapencrypt.ps.gz

There are also PDF and image versions available at:

http://citeseer.nj.nec.com/provos00encrypting.html

>No, but I've been thinking about what it'd take to add that sort of
>feature to NetBSD.

Given that it has already been implemented for UVM, my initial reaction
would be "not very much", unless OpenBSD has managed to diverge
significantly already. :)

>I'm also interested in adding a "zero-swap on shutdown" feature that
>writes 0's over the entire swap partition when the box is shutdown
>normally (not a panic).

If the encryption keys are volatile, as discussed in the paper, you
get the irrecoverability on reboot benefit anyway.

:: Mike ::