Re: cryptoapi and swap


On Thursday 20 September 2001 05:08, Rob McGee wrote:
<snip>
> I understand your point, but over time I don't think it will matter,
> because each boot (or running of the cron script) will reinitialise
> the device with a new password.
>
> But since I rarely exceed 40MB or so of swap in use, I should
> probably format my swap partitions (which formerly were unencrypted)
> with output from /dev/random or urandom.

Do you know how long it takes /dev/random to create 40Mbytes of
entropy?? You don't want to wait a few days to boot, do you?
Even /dev/urandom will take up to a few minutes for 40M. AND: It will 
deplete your entropy pool! You don't want that.

Also, I don't think it matters much whether the attacker can see which 
blocks have been written to.

The most important problem in encrypting swap is that either
1. the entropy pool isn't filled on bootup.
-or-
2. the attacker possibly has access to the internal state of the entropy 
pool because the startup-scripts loaded /dev/random with initial data.

The best way is to maybe force a fsck of some (small) partitions 
_before_ swapon to give the entropy pool time to fill. Or use a small 
bonnie seek run. Then you use (this is my command for this)
head -c18 /dev/random | mimencode | losetup <...> -p0 <...>
to initialize the loop device. (the 18 is to get rid of the trailing ==; 
if you use 192 bit keys, you can just say 24).
You are on the absolutely safe side when using 128 bit keys. This, too,
will save you entropy.

The idea of regular (every day; 12 h; depending on your usage of swap)
re-keying is a good one.

Marc

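The key-generation step from the message above, as an added shell example that is not part of the original post: it shows why 18 or 24 random bytes encode without trailing "=" while 16 do not, and waits for the kernel's entropy estimate before drawing the key. Assumptions: base64(1) stands in for mimencode, the function names and RANDOM_SOURCE variable are hypothetical, and /dev/urandom is the default source so the demo never blocks.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: base64(1) stands in
# for mimencode, and RANDOM_SOURCE defaults to /dev/urandom so the demo never
# blocks; the post reads /dev/random.
RANDOM_SOURCE="${RANDOM_SOURCE:-/dev/urandom}"

# padding_len NBYTES: how many '=' base64 appends to NBYTES of input.
# 18 and 24 are multiples of 3, so they encode with no padding; 16 gives "==".
padding_len() {
    echo $(( (3 - $1 % 3) % 3 ))
}

# entropy_bits: the kernel's entropy estimate, or 0 where the file is missing.
entropy_bits() {
    cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo 0
}

# wait_for_entropy BITS TRIES: poll once a second until the estimate reaches
# BITS; fail after TRIES polls so boot cannot hang forever.
wait_for_entropy() {
    tries=$2
    while [ "$(entropy_bits)" -lt "$1" ]; do
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || return 1
        sleep 1
    done
}

# gen_passphrase NBYTES: NBYTES of random data as one base64 line.
gen_passphrase() {
    head -c "$1" "$RANDOM_SOURCE" | base64 | tr -d '\n'
}

# swap_passphrase NBYTES: refuse byte counts that would leave '=' padding,
# wait for the pool to cover the request, then emit the passphrase.
swap_passphrase() {
    [ "$(padding_len "$1")" -eq 0 ] || { echo "use a multiple of 3" >&2; return 2; }
    wait_for_entropy $(( $1 * 8 )) 30 || { echo "entropy pool too low" >&2; return 1; }
    gen_passphrase "$1"
}
```

The output of swap_passphrase 18 takes the place of the head and mimencode stages in the command above; set RANDOM_SOURCE=/dev/random to read the same device the post uses.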


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
