Subject: Re: encrypted swap?
To: Michael K. Sanders <email@example.com>
From: Jason R Thorpe <firstname.lastname@example.org>
Date: 06/04/2001 15:30:17
On Mon, Jun 04, 2001 at 03:14:17PM -0700, Michael K. Sanders wrote:
> This sounds great for applications such as raw Oracle databases,
> Coda RVM, etc. But for those applications, the data must be persistent,
> and you don't really want that for swap.
Well, for swap, you'd obviously want to use a random key, at very least.
I haven't read the paper yet, so I don't know how many keys they use for
swap... but you could do it per-swapdev, or even something like per-thing-
that-is-backed-by-swap, i.e. generate a random key whenever you assign
a "swapslot" to an object/anon.
> >Now, this was supposedly implemented by one of the TNF developers, then
> >"lost in the ether"...?
A fresh implementation of a cipher block device should take all of an
evening or two to write. Maybe I'll write one this week.
-- Jason R. Thorpe <email@example.com>