Subject: Re: encrypted swap?
To: Michael K. Sanders <>
From: Todd Vierling <>
List: tech-security
Date: 06/04/2001 11:28:45

On Mon, 4 Jun 2001, Michael K. Sanders wrote:

: Has anyone looked at the encrypted swap option Niels Provos added
: to UVM in OpenBSD?

Encryption of swap at the swap-handling level, if this is what the option
you allude to does, is a bit too specific of a feature.  To explain:

On 4 Jun 2001 wrote:

: There's little point in worrying about encrypted swap before you
: implement encrypted filesystems.  (And even then, once you've
: implemented an encrypted filesystem you can swap to an encrypted file,
: so encrypting or even zeroing swap is silly even then.)

All you really need is an encrypted block device layer, similar in concept
to ccd.  You can even have swap *partitions* inside such a beast, or any
other kind of data, including filesystems.  Oracle device-level databases
(which have a great speed boost over file-based ones) come to mind as another
non-fs application.

Now, this was supposedly implemented by one of the TNF developers, then
"lost in the ether"...?

-- Todd Vierling (