Subject: Re: encrypted swap?
To: Darren Reed <email@example.com>
From: Michael K. Sanders <firstname.lastname@example.org>
Date: 06/04/2001 14:47:32
[ why is this more appropriate for tech-kern than tech-security? ]
Darren Reed writes:
>In some email I received from Michael K. Sanders, sie wrote:
>> Has anyone looked at the encrypted swap option Niels Provos added
>> to UVM in OpenBSD?
Judging by all the other responses, the answer to my query is a
resounding "No". Niels was kind enough to post a reference to
his paper, I'll include it here again. This discussion would
benefit greatly if people read it before commenting.
There are also PDF and image versions available at:
>No, but I've been thinking about what it'd take to add that sort of
>feature to NetBSD.
Given that it has already been implemented for UVM, my initial reaction
would be "not very much", unless OpenBSD has managed to diverge
significantly already. :)
>I'm also interested in adding a "zero-swap on shutdown" feature that
>writes 0's over the entire swap partition when the box is shutdown
>normally (not a panic).
If the encryption keys are volatile, as discussed in the paper, you
get the irrecoverability on reboot benefit anyway.
:: Mike ::