Subject: Re: encrypted swap?
To: Michael K. Sanders <msanders@confusion.net>
From: Jon Lindgren <jlindgren@slk.com>
List: tech-kern
Date: 06/04/2001 19:01:12

On Mon, 4 Jun 2001, Michael K. Sanders wrote:

[snip]

> >I'm also interested in adding a "zero-swap on shutdown" feature that
> >writes 0's over the entire swap partition when the box is shut down
> >normally (not a panic).
> 
> If the encryption keys are volatile, as discussed in the paper, you
> get the irrecoverability on reboot benefit anyway.

Except it leaves nice juicy bits of encrypted data (multi megabytes, in
fact) ready for your favorite cryptanalyst to attack, probably along with
known plaintext (libraries, files loaded into memory, etc. ;-)

If you're paranoid enough to encrypt swap, though, you probably have to
take other physical measures to ensure your data isn't stolen. Anyone for
adding a doberman pinscher to the kernel, preferably as an OPTION?

-
Jon
 --------------------------------------------------------------------
 "'The chicken,' it's been said, 'is just an egg's way of making more
  eggs.'" -- Alton Brown