On Tue, 6 Jul 2004 03:00, "mike@xxxxxxxx" <mike@xxxxxxxx> wrote:
> > - encrypted swap
>
> This shouldn't be too hard. There are a lot of scripts out there that do
> this. The only issue is the timing of things. Generally, encrypted swap
> needs to be initialized after the RNG entropy pool. As mentioned before,
> this is probably a prerequisite to all of the other encryption features.

I agree, encrypted swap has to be the first step. One advantage of it is that if things go badly wrong you won't lose data that's stored on disk (of course trashing process address space will result in some bad data being written to disk, but it will be small compared to the potential results of an encrypted file system going wrong).

We could probably release a FC test version with encrypted swap as a default and see how it goes. It would be good to get some wide-spread testing of the kernel code for encrypted block devices...

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page