Subject: Re: encrypted swap?
To: None <,>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-security
Date: 06/05/2001 03:15:49
> Mind you, I don't object to using multiple keys -- *if* it doesn't
> complicate the code very much.  One key per swap partition is simple,
> given the amount of other state associated with each partition.
> Changing keys is not nearly as simple, since you have to worry about
> existing pages that are protected with the old key.

Only if the key change affects existing live pages.

This is one reason I'd be inclined to keep one key per swap partition
and one key per VM object.  Let the key used to encrypt be derived from
the pair - depending on the cryptosystem, it may be acceptable to do
something as bonehead-simple as XOR them; you also might use the one to
encrypt the other to get the bulk encryption key for that page.  For
that matter, if (for example) you're using 128-bit keys, you could let
64 of them be the partition key and the other 64 be the VM object key,
if the cryptosystem is resistant to the relevant related-key attack.

> Sure, it can be done, but it's a lot messier, and to me not worth the
> effort.

Heh.  Seeing as how it's not yet proven worth the effort of
implementing *any* of it to me... :-)

> Now, suppose the TLAs have some lovely algorithm that can beat 3DES,
> but only if they have a gigabyte or two of probable plaintext.
> Further suppose that They really want *you*.

Do they want me, or do they want my data? :-)

> Do they [...] [plant] a fiendish back door in some part of emacs that
> even Stallman hasn't looked at in a decade

Wouldn't do 'em any good; the emacs variant I use is a Gosling variant,
not a Stallman variant. :-)  Besides, for what it would cost them to
black-bag my place and plant that sort of deep hack in my computers,
they might even be able to just buy me.  (I don't know whether I'd sell
out or not...but I'm not sure I wouldn't.)

> -- or just subvert the NetBSD development process somehow.  (Don't
> laugh -- did you see the report about an distribution
> machine being hacked, as a result of a previous penetration of
> Sourceforge?  How much code do you run that you got from Apache
> and/or Sourceforge?  [...])

None.  But the general point is certainly valid.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B