Re: Wiping Swap Partitions

On Sun, May 11, 2003 at 06:28:29PM +0300, Jari Ruusu wrote:
> > >  /dev/hda666   none   swap   sw,loop=/dev/loop6,encryption=AES128   0   0
> > 
> > Does that work with the kerneli patch (with losetup and mount)?
> > May any kerneli cipher be selected?
> 
> kerneli.org version does not have 'encrypted swap'-enabled swapon+swapoff.

Yeah, I missed that. I handle the encryption only through losetup. The
keys are generated from /dev/urandom and are piped to losetup in my
scripts. Since I have 2 swap partitions I have "pri=1" in fstab options
to specify the priorities (equal, to distribute swap among both.) The
loop devices are listed in my fstab, not the underlying partitions; that
again is handled by losetup in my rc.local script.

So to answer the anonymous poster's query more fully: no, that type of
fstab entry will not work with the kerneli patch, but you can accomplish
the same thing using my scripts and "normal" fstab swap options. Thanks
again, Jari.

Sam, I think by now the original post in this thread has been beaten
pretty badly, but I had intended some days back to point you to a
discussion in comp.os.linux.security regarding "wiping" data from
magnetic media. It is conceivable that even attackers of modest means
could recover overwritten data, especially if overwritten with /dev/zero
output.
  http://groups.google.com/groups?selm=m3u1kvdtar.fsf%40mika.informatik.uni-freiburg.de
My proposal had been to use badblocks to overwrite the data, and the
above-referenced post explains why even that approach, whilst better
than /dev/zero, would not provide much more security.

"FBI" is mentioned numerous times in the thread as the threat model, but
see the Gutmann paper also mentioned:
  http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
Not "light reading", but just go down to section 2. Gutmann suggested in
1996 that a powerful data recovery system could be built very cheaply:
  "If commercially-available SPM's are considered too expensive, it is
  possible to build a reasonably capable SPM for about US$1400, using
  a PC as a controller"
Consider as well that he was saying this in 1996, with more valuable
dollars buying more expensive computing equipment. It might be much
lower in cost now -- certainly on much more powerful processors.

Suppose an attacker seizes physical control of your system before a
normal shutdown: your swap is readable. That's a low-tech, yet very
effective, attack. No matter what your threat model, I'd recommend that
you encrypt rather than wipe your swap devices.

    Rob - /dev/rob0
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
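The losetup-driven setup Rob describes above (a fresh key from /dev/urandom piped into losetup at boot, two loop devices given equal swap priority), written out as an added example script; it is not Rob's actual rc.local. It assumes the loop-AES losetup options -e (cipher) and -p 0 (read the key from stdin), util-linux mkswap and swapon -p, and the device names are placeholders.

```shell
#!/bin/sh
# Added example, not the poster's script: attach two swap partitions
# through loop-AES with a new random key on every boot, so whatever was
# paged out is unreadable once the machine is powered off.
# Assumed tool options: loop-AES losetup -e CIPHER, -p FD (key from fd);
# util-linux mkswap and swapon -p PRIORITY. Device names are placeholders.
set -eu

# Set DRY_RUN=1 to print the privileged commands instead of running them.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# 15 bytes from /dev/urandom, base64-encoded into one 20-character line.
# The key exists only in this pipe: it is never a file and never an
# argument, so it does not show up in the process list.
gen_swap_key() {
    head -c 15 /dev/urandom | base64 | head -n 1
}

# setup_encrypted_swap LOOPDEV PARTITION PRIORITY
# Every boot gets a new key, so the loop device must be re-mkswap'ed
# before it is enabled; the old contents are garbage under the new key.
setup_encrypted_swap() {
    loopdev=$1
    part=$2
    prio=$3
    gen_swap_key | run losetup -p 0 -e AES128 "$loopdev" "$part"
    run mkswap "$loopdev"
    run swapon -p "$prio" "$loopdev"
}

# Equal priority on both partitions (the "pri=1" from the post) so the
# kernel spreads pages across them.
main() {
    setup_encrypted_swap /dev/loop6 /dev/hda6 1
    setup_encrypted_swap /dev/loop7 /dev/hdb6 1
}

# Only touch devices when invoked as "script apply"; sourcing it for
# inspection or testing runs nothing privileged.
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Listing the loop devices (not the raw partitions) in fstab with `sw,pri=1` then lets `swapon -a` and `swapoff -a` manage them as ordinary swap.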