>> 
>> the risk of physical compromise is about the only reason to encrypt it, i 
>> think (or sero it), because that thwarts the attempts to recover data 
>
>I see you've never used a diskless workstation.
>

even that doesn't seem to make much sense to me...  so, if you are on a diskless workstation you encrypt swap, yet have your root filesystem mounted over unencrypted NFS?  And *where* does it read your encrypted password from when you log on?

At this point, you may as well encrypt NFS traffic as a whole, since anything less would be useless.  So what then is the point in encrypting swap, to re-encrypt it going back out on NFS?