Article:   An Unencrypted Look at FileVault
Subject:   Vault and the swapfile
Date:   2003-12-20 10:05:43
From:   anonymous2
The truly paranoid in the Unix world :) worry about the virtual memory system that copies memory to disc when real memory runs out.


I've always figured that FileVault doesn't address this question. Sure, the original key-corporate document is encrypted, but if you edit it with Word, chances are that at least bits of it are copied in clear-text to the swap file.


Is Apple looking to address this, for the truly paranoid :)


  • Vault and the swapfile
    2004-01-11 12:14:16  anonymous2

    Now I don't recommend this to anyone really, but when I sent a powermac g4 in for repairs, what I did is I logged in as root and used secure delete on the swap file, restarted the computer and let it recreate the swap file. Now this could be a VERY incorrect way of doing this. But it doesn't appear to have damaged my mac os x installation. Do I do this often? No, only once. But I don't think it would hurt if you were going to sell the computer, or send it in for repairs. Let me know if I am mistaken.
  • Vault and the swapfile
    2003-12-21 14:50:37  tychay

    There are free scripts around that will allow you to store your swap file on a separate drive (for instance, search for SwapRelocator). These are invariably written in shell script and just modify some of the quirky startup procedure behavior on the Mac.

    I'm sure you can modify it to mount a SPARSE AES-128 dmg (hdiutil mount <dmg file name>) and then use it as the swap file location. This should prevent anyone doing forensic attacks on the swap files.

    I have not tried this myself. Obviously, there will be a performance hit if your Mac has been idle for a while. A lot of people forget that the Mac is a Unix underneath. More and more utils are getting command line equivalents (Thank God).

    Hope this helps,

    terry
  • Vault and the swapfile
    2003-12-21 13:39:09  FJ de Kermadec | O'Reilly Blogger

    Hi!

    Should you worry about the contents of the swap file, you may want to write a script that automatically alters it on logout.

    However, for most users, it should not be an issue.

    Let me know if this helps!

    F.J.
    • Vault and the swapfile
      2003-12-21 14:15:01  anonymous2

      what do you mean, 'automatically alters it on logout'?

      to me, if something is written to the disk in the clear, ever, you're hosed. when they break out the scanning tunneling electron microscope they're going to find the data.

      what good is strong cryptography if your data gets written in the clear in a swap file??

      an easy fix is for apple to provide the option of encrypting the swap files too. Most of my linux machines use encrypted swap partitions, using the same software I use in linux to encrypt my /home partition.

      To me, until they add encrypted swap, FileVault is pretty much useless, and is only good for wasting CPU time. I suppose it makes it a bit more difficult to get your data, but a serious attacker is going to go straight for the swap files.
      • Vault and the swapfile
        2003-12-21 14:23:13  FJ de Kermadec | O'Reilly Blogger

        Hi again!

        Mac OS X allows you to automatically run shell scripts at logout. Should you want to delete the swap files or put them into an encrypted folder or volume, a script can do this for you.

        Also, it would be necessary to determine how much data gets written into the swap files, when, under which conditions... More information about how Mac OS X handles memory and such files can be found on the ADC website.

        F.J.
  • Vault and the swapfile
    2003-12-21 12:29:06  anonymous2

    I too worry about the swap file. that seems to me a glaring hole large enough to drive a truck through, unless the swap file is also encrypted.
    • Vault and the swapfile
      2003-12-21 14:53:46  tychay

      Hardly. Windows and Unix have this same "glaring hole". Most of what goes in the swapfile are idle system and application libraries.

      Take care,

      terry
      • Vault and the swapfile
        2003-12-21 15:03:16  anonymous2

        in linux though, it's pretty using to use an encrypted swap partition.
        • Vault and the swapfile
          2003-12-21 15:15:38  tychay

          Huh?

          Swap files in Linux are stored in a special filesystem called "swap" which stripes the data across volumes. It is not encrypted.

          It can be made to be encrypted. I only know of one major distribution that has this feature (Mandrake) and it isn't well known nor enabled-by-default. The reason is that Linux is mostly used in a server environment where it is hard to physically compromise the machine.

          There are a lot of "secure" distribution versions of popular distributions (Knoppix-MIB for instance) and software add ons (via init scripts) that can enable it. For the most part they work by doing what I suggested earlier with the minor difference that swapfiles in Darwin are files, not filesystems.

          They also can be made to encrypt or hold resident in RAM /tmp. Another nice feature.

          The best solution in the Darwin world is to port the secure swap features from OpenBSD.

          Take care,

          terry
          • Vault and the swapfile
            2003-12-21 17:22:41  anonymous2

            check out http://loop-aes.sourceforge.net/

            using an encrypted swap partition in linux is a compile of a kernel module away. I've been using it for over a year. In the past I used it with redhat, now I use it with gentoo.

            • Vault and the swapfile
              2003-12-21 17:41:38  anonymous2

              the stable gentoo kernel has a large crypto-API in it which I think can be used to encrypt swap also, I haven't checked yet