Subject: Re: encrypted swap?
To: None <tech-kern@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: tech-kern
Date: 06/04/2001 18:30:12
smb@research.att.com (Steven M. Bellovin) writes:
> To me, at least, the point of an encrypted swap area is to defeat
> "seized machine" attacks, not real-time attacks.
Good point.
One other thing folks might want to keep in mind (with respect to the
initial proposal of zero-ing swap) is that a single zero-fill may not
prevent someone with physical access to the disk from reading the
fringe fields. (I assume that is expensive and requires opening up
the disk, but with valuable enough info, who knows that lengths some
bad-guy will go to.)
I understand that paranoid disk-erase programs will do a few
random-fills to "stir the broth" a bit and make it harder for the
bad-guy to figure out which bit is real and which is part of the
erase-data.
-wolfgang
--
Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/