On 08.09.2012, Arno Wagner wrote: > So? You miss the point: If swap can be securely encrypted > independently, this decreases overall system complexity and > hence increase security. If swap is created on installation, encrypted with the same passphrase as the rest of the system, and just gets opened while booting, it is clearly _less_ complex than having it created on every single (re)boot, incl. generating a new passphrase. You simply boot, enter the passphrase and you're done. > For example, swap encryption done > this way will not be subject to any problems with weak > passwords. If you use weak passphrases, you have a substantial problem which goes far beyond the fact of automatic swapspace generation/encryption on boot vs. singe passphrase setup. Your whole system would be prone to brute force / dictionary attacks. Assuming your swap passphrase is randomly generated at boot-time, your swapspace would be secure, while the rest is not. That makes no sense to me. > And yes, it is possible that there are things in swap that > cannot be found in the data partitions. Swap encryption > solves a different problem than data partition encryption. You're right, I don't get the point. Really. > That other encryption could be insecure on the system is > immaterial, swap can (and should) be solved on its own. Frankly, nobody would try to attack swap on a fully encrypted system in the first place. If an attacker thinks it's worth the effort, where would he/she think are most of the relevant data? I strongly guess it would be the root and/or the home partition. > And, as I have pointed out, there are reasons to want swap > encryption even when noting else on the system is encrypted, > so the independent approach needs to be engineered anyways. I agree in this situation, just I don't understand why one would do that when all the rest is unencrypted. It's more likely that the various /tmp direcories will contain leaked sensitive data, or that sensitive data is dumped to disk under a crash or system fault. Even the randomly generated passphrase could leak/be dumped, because the root partition will be mounted before the swap is generated. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
