From: Heinz Diehl <htd@fancy-poultry.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Encrypt all partitions with dm-crypt
Date: Sat, 8 Sep 2012 18:39:07 +0200 [thread overview]
Message-ID: <20120908163907.GA27265@fancy-poultry.org> (raw)
In-Reply-To: <20120908160558.GA27476@tansi.org>
On 08.09.2012, Arno Wagner wrote:
> So? You miss the point: If swap can be securely encrypted
> independently, this decreases overall system complexity and
> hence increase security.
If swap is created on installation, encrypted with the same
passphrase as the rest of the system, and just gets opened while
booting, it is clearly _less_ complex than having it created on every
single (re)boot, incl. generating a new passphrase.
You simply boot, enter the passphrase and you're done.
> For example, swap encryption done
> this way will not be subject to any problems with weak
> passwords.
If you use weak passphrases, you have a substantial problem which goes
far beyond the fact of automatic swapspace generation/encryption on
boot vs. singe passphrase setup. Your whole system would be prone to
brute force / dictionary attacks. Assuming your swap passphrase is
randomly generated at boot-time, your swapspace would be secure, while
the rest is not. That makes no sense to me.
> And yes, it is possible that there are things in swap that
> cannot be found in the data partitions. Swap encryption
> solves a different problem than data partition encryption.
You're right, I don't get the point. Really.
> That other encryption could be insecure on the system is
> immaterial, swap can (and should) be solved on its own.
Frankly, nobody would try to attack swap on a fully encrypted system
in the first place. If an attacker thinks it's worth the effort, where
would he/she think are most of the relevant data? I strongly guess it
would be the root and/or the home partition.
> And, as I have pointed out, there are reasons to want swap
> encryption even when noting else on the system is encrypted,
> so the independent approach needs to be engineered anyways.
I agree in this situation, just I don't understand why one would do
that when all the rest is unencrypted. It's more likely that the
various /tmp direcories will contain leaked sensitive data, or that
sensitive data is dumped to disk under a crash or system fault. Even
the randomly generated passphrase could leak/be dumped, because the
root partition will be mounted before the swap is generated.
next prev parent reply other threads:[~2012-09-08 16:39 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-22 12:10 [dm-crypt] Encrypt all partitions with dm-crypt Stayvoid
2012-08-22 12:24 ` Arno Wagner
2012-08-22 15:40 ` Stayvoid
2012-08-22 15:52 ` Heinz Diehl
2012-08-22 15:54 ` Matthew Monaco
2012-08-22 15:57 ` Javier Juan Martínez Cabezón
2012-08-23 7:28 ` Arno Wagner
2012-08-23 9:00 ` Christophe
2012-08-23 11:27 ` Arno Wagner
2012-08-23 14:12 ` Heinz Diehl
2012-08-23 15:10 ` Christophe
2012-08-23 16:07 ` Arno Wagner
2012-08-23 18:12 ` Milan Broz
2012-08-23 19:34 ` Arno Wagner
2012-08-24 14:01 ` Milan Broz
2012-08-24 14:40 ` Heinz Diehl
2012-08-24 15:14 ` Arno Wagner
2012-09-05 4:21 ` Stayvoid
2012-09-05 13:01 ` Arno Wagner
2012-09-06 12:54 ` Stayvoid
2012-09-06 16:46 ` Arno Wagner
2012-09-06 17:53 ` Heinz Diehl
2012-09-06 19:58 ` Arno Wagner
2012-09-07 16:10 ` Stayvoid
2012-09-07 19:04 ` Arno Wagner
2012-09-08 2:50 ` Stayvoid
2012-09-08 7:01 ` Milan Broz
2012-09-09 16:21 ` Stayvoid
2012-09-15 0:52 ` Stayvoid
2012-09-15 1:09 ` Matthew Monaco
2012-09-15 1:10 ` Matthew Monaco
2012-09-20 7:13 ` Stayvoid
2012-09-20 9:18 ` Javier Juan Martínez Cabezón
2012-09-21 5:01 ` Stayvoid
2012-09-21 10:01 ` Arno Wagner
2012-09-21 18:14 ` Stayvoid
2012-09-22 22:36 ` Stayvoid
2012-09-25 3:12 ` Stayvoid
2012-09-25 6:31 ` Matthew Monaco
2012-09-25 7:13 ` Stayvoid
2012-09-25 13:58 ` Stayvoid
2012-09-25 19:06 ` Matthew Monaco
2012-09-25 23:54 ` Stayvoid
2012-09-26 2:12 ` Matthew Monaco
2012-09-26 8:23 ` Stayvoid
2012-09-26 9:24 ` Matthew Monaco
2012-09-26 10:49 ` Stayvoid
2012-09-26 10:51 ` Stayvoid
2012-09-26 11:13 ` Matthew Monaco
2012-09-26 23:34 ` Stayvoid
2012-09-15 6:13 ` Javier Juan Martínez Cabezón
2012-09-08 8:13 ` Heinz Diehl
2012-09-08 13:26 ` Arno Wagner
2012-09-08 14:37 ` Heinz Diehl
2012-09-08 16:05 ` Arno Wagner
2012-09-08 16:39 ` Heinz Diehl [this message]
2012-09-08 19:36 ` Arno Wagner
2012-09-08 14:58 ` Marc MERLIN
2012-09-19 4:15 ` Two Spirit
2012-09-19 4:52 ` Javier Juan Martínez Cabezón
2012-09-19 5:13 ` Arno Wagner
2012-08-24 14:47 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120908163907.GA27265@fancy-poultry.org \
--to=htd@fancy-poultry.org \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.