From: Heinz Diehl
Date: Sat, 8 Sep 2012 18:39:07 +0200
Message-ID: <20120908163907.GA27265@fancy-poultry.org>
In-Reply-To: <20120908160558.GA27476@tansi.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Encrypt all partitions with dm-crypt

On 08.09.2012, Arno Wagner wrote:

> So? You miss the point: If swap can be securely encrypted
> independently, this decreases overall system complexity and
> hence increases security.

If swap is created on installation, encrypted with the same passphrase as the rest of the system, and just gets opened while booting, it is clearly _less_ complex than having it created on every single (re)boot, incl. generating a new passphrase. You simply boot, enter the passphrase and you're done.

> For example, swap encryption done
> this way will not be subject to any problems with weak
> passwords.

If you use weak passphrases, you have a substantial problem which goes far beyond the fact of automatic swapspace generation/encryption on boot vs. single passphrase setup. Your whole system would be prone to brute force / dictionary attacks.

Assuming your swap passphrase is randomly generated at boot-time, your swapspace would be secure, while the rest is not. That makes no sense to me.

> And yes, it is possible that there are things in swap that
> cannot be found in the data partitions. Swap encryption
> solves a different problem than data partition encryption.

You're right, I don't get the point. Really.

> That other encryption could be insecure on the system is
> immaterial, swap can (and should) be solved on its own.

Frankly, nobody would try to attack swap on a fully encrypted system in the first place. If an attacker thinks it's worth the effort, where would he/she think are most of the relevant data? I strongly guess it would be the root and/or the home partition.

> And, as I have pointed out, there are reasons to want swap
> encryption even when nothing else on the system is encrypted,
> so the independent approach needs to be engineered anyways.

I agree in this situation, just I don't understand why one would do that when all the rest is unencrypted. It's more likely that the various /tmp directories will contain leaked sensitive data, or that sensitive data is dumped to disk under a crash or system fault. Even the randomly generated passphrase could leak/be dumped, because the root partition will be mounted before the swap is generated.
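The two swap setups argued over in this thread, written out as /etc/crypttab entries so the difference is concrete. This is an added example, not part of the original mail or of the dm-crypt project; the device path /dev/sdXn and the mapping names are placeholders, and only one of the two entries would be used on a given system.

```crypttab
# Variant 1 (the setup Heinz describes): swap lives in a LUKS container
# created at install time and unlocked at boot with the same passphrase as
# the rest of the system. Nothing is regenerated on reboot, and because the
# key is stable across boots, resume from hibernation keeps working.
cryptswap_luks    /dev/sdXn    none           luks

# Variant 2 (the setup Arno describes): a plain dm-crypt mapping whose key
# is read from /dev/urandom at every boot; the "swap" option then runs
# mkswap on the fresh mapping. The key lives only in kernel memory for the
# lifetime of the mapping, so there is no passphrase to guess or leak from
# a keyfile, but the previous contents are unrecoverable after each reboot,
# which rules out resume from hibernation. cipher= and size= pin the
# cipher and key length instead of relying on cryptsetup's plain-mode defaults.
cryptswap_random  /dev/sdXn    /dev/urandom   swap,cipher=aes-xts-plain64,size=256
```

For the random-key variant, refer to the partition by a stable name (/dev/disk/by-id/... or /dev/disk/by-partuuid/...) rather than /dev/sdXn: if device names shift between boots, the swap option will mkswap whatever partition currently carries that name.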