Subject: Re: zero'd swap & encrypted swap
To: None <tech-kern@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 06/14/2001 22:25:19

On Thu, Jun 14, 2001 at 08:42:13PM -0400, Lord Isildur wrote:
> I think better than to do encrypted NFS then would be to do a generic
> encrypted network connection. This sort of thing really should be in the

So, you just described IPsec.

However, this still doesn't solve the problem presented by swapping over
the network on a diskless workstation: that whatever was paged out while
you were running is available for inspection in a file on the disk of the
fileserver at the nefarious individual's convenience. If you encrypt swap,
the problem goes away.

Thor