Subject: Re: zero'd swap & encrypted swap
To: None <>
From: Lord Isildur <>
List: tech-kern
Date: 06/14/2001 20:42:13
I think better than to do encrypted NFS then would be to do a generic 
encrypted network connection. This sort of thing really should be in the
network hardware, but thats not too common on the market.. so well have 
to live with it in software.. but it shoudl really be in the network then
and not NFS only. one could use it for other things, then, too. 

On Thu, 14 Jun 2001 wrote:

> >> 
> >> the risk of physical compromise is about the only reason to encrypt it, i 
> >> think (or sero it), because that thwarts the attempts to recover data 
> >
> >I see you've never used a diskless workstation.
> >
> even that doesn't seem to make much sense to me...  so, if you are on a diskless workstation you encrypt swap, yet have your root filesystem mounted over unencrypted NFS?  And *where* does it read your encrypted password from when you log on?
> At this point, you may as well encrypt NFS traffic as a whole, since anything less would be useless.  So what then is the point in encrypting swap, to re-encrypt it going back out on NFS?