Subject: Re: encrypted swap?
To: None <smb@research.att.com>
From: Niels Provos <provos@citi.umich.edu>
List: tech-kern
Date: 06/05/2001 01:17:27
>What is the point?  What is the threat model that supports such 
>behavior?  More precisely, why do you want to encrypt your swap 
>partition?  (Caution:  the rest of this response probably belongs in 
>tech-crypto instead.)
As I said in my earlier email, it all depends on what kind of
adversary you want to protect against.  In the paper, I have tried to
discuss the various issues.  One of the them is that a user expects
that sensitive data vanishes with process termination.

The swap encryption that I descripe in the paper compromises by
leaving a time frame as window of vulnerability.

A suspended laptop when stolen has all valid keys in memory.  A system
that uses a single key including CFS does not protect against this
threat.

Once more, to say it thrice, it all depends on your threat model.

Niels.