Subject: Re: encrypted swap?
To: Todd Vierling <tv@pobox.com>
From: Michael K. Sanders <msanders@confusion.net>
List: tech-security
Date: 06/04/2001 15:14:17

Todd Vierling writes:
>Encryption of swap at the swap-handling level, if this is what the option
>you allude to does, is a bit too specific of a feature.  To explain:

Sorry, I should have included a reference to the paper describing
the option in my original message.  See the following for background:

http://citeseer.nj.nec.com/provos00encrypting.html

>All you really need is an encrypted block device layer, similar in concept
>to ccd.  You can even have swap *partitions* inside such a beast, or any
>other kind of data, including filesystems.  Oracle device-level databases
>(which have a great speed boost over file-based ones) come to mind as another
>non-fs application.

This sounds great for applications such as raw Oracle databases, 
Coda RVM, etc.  But for those applications, the data must be persistent,
and you don't really want that for swap.

>Now, this was supposedly implemented by one of the TNF developers, then
>"lost in the ether"...?

Pity.

:: Mike ::