On Wed, Sep 19, 2001 at 03:11:35PM -0500, Rob McGee wrote:
> 1. # dd if=/dev/zero of=/SWAP bs=1M count=64

I think we've been over this before, but perhaps a return...
I also usually use /dev/zero to init the fs, however doesn't
this necessarily mean that when blocks are written under
crypto, those blocks will stick out like sore thumbs to
someone who wants to actually try to recover data?

I see that Jarl overwrites with zeroes 20 times on startup
in an attempt to destroy information from the previous session;
however reboot time would seem a bit late to do this. Many
machines never power down except for a hardware change or
kernel update. Even my home workstation hasn't been rebooted
in 10 days. Perhaps there should be a stop script in which the
"overwrite ten times" occurs instead/also.

Is there any *practicable* way to randomize the swap file
contents before we losetup?

Another question: if you run this script and there is a
swap space already created, your password will go into it,
so you had better make sure this is the first swap on. This
would catch either script.

Second point; when you have multiple swap spaces are the later
ones actually getting used or are they just catching overflow?
I've not looked closely, but when I was having a serious memory
leak problem with xplanetbg I added swap spaces and it looked
very much like they filled sequentially.

In other words Rob, can you confirm that swapping to your
crypto swap space actually occurred? Did you try to swapoff
the noncrypto one?

And last, a not specifically crypto question.... does anyone
know a way to include a swap *file* in /etc/fstab? Or do you
always have to do it in boot scripts? I've looked around and
never found any other way to do it.

(obviously you cannot create a loopback mount in fstab, but
could do the losetup early in boot and name it in fstab)

--
------------------------------------------------------
    Use Linux: A computer        Dale Amon, CEO/MD
    is a terrible thing          Village Networking Ltd
    to waste.                    Belfast, Northern Ireland
------------------------------------------------------

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
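
The concern raised in the message above, as an added illustration (not part of the original post and not written by its author): on a zero-filled backing file the blocks written through the crypto layer can be listed with a plain all-zero test, while a random prefill leaves nothing to tell them apart. The 4096-byte block size, the function names and the block numbers are assumptions, and ciphertext is modelled as random bytes rather than produced by a real loop device.

```python
import os
import tempfile

BLOCK = 4096  # assumed block size for the illustration

def make_backing(path, blocks, randomize):
    """Create the backing file, filled with zeros or with random bytes."""
    with open(path, "wb") as f:
        for _ in range(blocks):
            f.write(os.urandom(BLOCK) if randomize else bytes(BLOCK))

def simulate_encrypted_writes(path, block_numbers):
    """Stand-in for swap-out through the crypto loop device: ciphertext is
    modelled as random bytes written at the given block numbers."""
    with open(path, "r+b") as f:
        for n in block_numbers:
            f.seek(n * BLOCK)
            f.write(os.urandom(BLOCK))

def nonzero_blocks(path):
    """Return the block numbers whose content is not all zeros."""
    found = []
    with open(path, "rb") as f:
        n = 0
        while True:
            chunk = f.read(BLOCK)
            if not chunk:
                break
            if chunk.count(0) != len(chunk):
                found.append(n)
            n += 1
    return found

def usage_map_leak(randomize, blocks=64, written=(3, 17, 18, 40)):
    """Return (blocks an observer can single out, total blocks)."""
    fd, path = tempfile.mkstemp()  # constructed sample file, removed afterwards
    os.close(fd)
    try:
        make_backing(path, blocks, randomize)
        simulate_encrypted_writes(path, written)
        return nonzero_blocks(path), blocks
    finally:
        os.remove(path)

if __name__ == "__main__":
    for randomize in (False, True):
        hits, total = usage_map_leak(randomize)
        label = "random prefill" if randomize else "zero prefill"
        print(f"{label}: {len(hits)}/{total} blocks non-zero")
```

With the zero prefill the non-zero list is exactly the set of written blocks; with the random prefill every block is non-zero, so the same test reveals nothing about which ones were used.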