Women in Technology

Hear us Roar



Article:
  An Unencrypted Look at FileVault
Subject:   Vault and the swapfile
Date:   2003-12-21 13:39:09
From:   F.J.
Response to: Vault and the swapfile

Hi !


Would you worry about the contents of the swap file, you may want to write a script that automatically alters it on logout.


However, for most users, it should not be an issue.


Let me know if this helps !


F.J.

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • Vault and the swapfile
    2003-12-21 14:15:01  anonymous2 [View]

    what do you mean, 'automatically alters it on logout'?

    to me, if something is written to the disk in the clear, ever, you're hosed. when they break out the scanning tunneling electron microscope they're going to find the data.

    what good is strong cryptography if your data gets written in the clear in a swap file??

    an easy fix is for apple to provide the option of encrypting the swap files too. Most of my linux machines use encrypted swap partitions, using the same software I use in linux to encrypt my /home partition.

    To me, until they add encrypted swap, FileVault is pretty much useless, and is only good for wasting CPU time. I suppose it makes it a bit more difficult to get your data, but a serious attacker is going to go straight for the swap files.
    • FJ de Kermadec photo Vault and the swapfile
      2003-12-21 14:23:13  FJ de Kermadec | O'Reilly Blogger [View]

      Hi again !

      Mac OS X allows you to automatically run shell scripts at logout. Would you want to delete the swap files, put them into an encrypted folder or volume, a script can do this for you.

      Also, it would be necessary to determine how much data gets written into the swap files, when, under which conditions... More information about how Mac OS X handles memory and such files can be found on the ADC website.

      F.J.