Subject: Re: encrypted swap?
To: None <smb@research.att.com>
From: Niels Provos <provos@citi.umich.edu>
List: tech-kern
Date: 06/05/2001 01:17:27
>What is the point? What is the threat model that supports such
>behavior? More precisely, why do you want to encrypt your swap
>partition? (Caution: the rest of this response probably belongs in
>tech-crypto instead.)

As I said in my earlier email, it all depends on what kind of
adversary you want to protect against. In the paper, I have tried to
discuss the various issues. One of them is that a user expects
that sensitive data vanishes with process termination.

The swap encryption that I describe in the paper compromises by
leaving a time frame as a window of vulnerability.

A suspended laptop when stolen has all valid keys in memory. A system
that uses a single key including CFS does not protect against this
threat.

Once more, to say it thrice, it all depends on your threat model.

Niels.