Article:  |
An Unencrypted Look at FileVault | |
| Subject: | Vault and the swapfile | |
| Date: | 2003-12-21 12:29:06 | |
| From: | anonymous2 | |
|
Response to: Vault and the swapfile
|
||
| I too worry about the swap file. that seems to me a glaring hole large enough to drive a truck through, unless the swap file is also encrypted. | ||
Showing messages 1 through 5 of 5.
-
Vault and the swapfile
2003-12-21 14:53:46 tychay [View]
-
Vault and the swapfile
2003-12-21 15:03:16 anonymous2 [View]
in linux though, it's pretty using to use an encrypted swap partition. -
Vault and the swapfile
2003-12-21 15:15:38 tychay [View]
Huh?
Swap files in Linux are stored in a special filesystem called "swap" which stripes the data across volumes. It is not encrypted.
It can be made to be encrypted. I only know of one majordistribution that has this feature (Mandrake) and it isn't well known nor enabled-by-default. The reason is that Linux is mostly used in a server environment where it is hard to physically compromise the machine.
There are a lot of "secure" distribution versions of popular distributions (Knoppix-MIB for instance) and software add ons (via init scripts) that can enable it. For the most part they work by doing what I suggested earlier with the minor difference that swapfiles in Darwin are files, not filesystems.
They also can be made to encrypt or hold resident in RAM /tmp. Another nice feature.
The best solution in the Darwin world is to port the secure swap features from OpenBSD.
Take care,
terry -
Vault and the swapfile
2003-12-21 17:22:41 anonymous2 [View]
check out http://loop-aes.sourceforge.net/
using an encrypted swap partition in linux is a compile of a kernel module away. I've been using it for over a year. In the past I used it with redhat, now I use it with gentoo.
-
Vault and the swapfile
2003-12-21 17:41:38 anonymous2 [View]
the stable gentoo kernel has a large crypto-API in it which I think can be used to encrypt swap also, I haven't checked yet
Take care,
terry