Women in Technology

Hear us Roar



Article:
  An Unencrypted Look at FileVault
Subject:   Vault and the swapfile
Date:   2003-12-21 15:15:38
From:   tychay
Response to: Vault and the swapfile

Huh?


Swap files in Linux are stored in a special filesystem called "swap" which stripes the data across volumes. It is not encrypted.


It can be made to be encrypted. I only know of one majordistribution that has this feature (Mandrake) and it isn't well known nor enabled-by-default. The reason is that Linux is mostly used in a server environment where it is hard to physically compromise the machine.


There are a lot of "secure" distribution versions of popular distributions (Knoppix-MIB for instance) and software add ons (via init scripts) that can enable it. For the most part they work by doing what I suggested earlier with the minor difference that swapfiles in Darwin are files, not filesystems.


They also can be made to encrypt or hold resident in RAM /tmp. Another nice feature.


The best solution in the Darwin world is to port the secure swap features from OpenBSD.


Take care,


terry

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • Vault and the swapfile
    2003-12-21 17:22:41  anonymous2 [View]

    check out http://loop-aes.sourceforge.net/

    using an encrypted swap partition in linux is a compile of a kernel module away. I've been using it for over a year. In the past I used it with redhat, now I use it with gentoo.

    • Vault and the swapfile
      2003-12-21 17:41:38  anonymous2 [View]

      the stable gentoo kernel has a large crypto-API in it which I think can be used to encrypt swap also, I haven't checked yet