From: "D. Stimits" <stimits@idcomm.com>
To: unlisted-recipients:; (no To-header on input)@localhost.localdomain
Cc: linux-kernel@vger.kernel.org
Subject: Re: encrypted swap
Date: Tue, 07 Aug 2001 15:56:45 -0600 [thread overview]
Message-ID: <3B70641D.CF5F48B9@idcomm.com> (raw)
In-Reply-To: <D52B19A7284D32459CF20D579C4B0C0211C9A8@mail0.myrio.com> <Pine.LNX.4.33L2.0108072212590.18776-100000@spiral.extreme.ro> <9kpl82$iao$1@abraham.cs.berkeley.edu>
David Wagner wrote:
>
> Dan Podeanu wrote:
> >If its going to be stolen while its offline, you
> >can have your shutdown scripts blank the swap partition [...]
>
> Erasing data, once written, is deceptively difficult.
> See Peter Gutmann's excellent paper on the subject at
> http://www.usenix.org/publications/library/proceedings/sec96/gutmann.html
>
> It turns out that the easiest way to solve this problem is to make sure
> you only ever write to the swap partition in encrypted form, and then when
> you want to erase it securely, just throw away the key used to encrypt it.
> (You have to securely erase this key, but it is much easier to erase
> this key securely, because it is shorter and because you can arrange
> that it only resides in RAM.)
>
> It is critical that you choose a new encryption key each time you boot.
> (Requiring users to enter in passphrases manually is unlikely to work well.)
You could easily create a pass phrase that is a combination of a user
defined pass, and a random device generation. During suspend of the
laptop, you could force it to forget only the user defined portion, and
ask that it get re-entered on resume. Keyboard snooping would only
provide a small part of the key; though it would aid attacks to know
part of the key, each reboot would invalidate the per-session key, and
each suspend or boot would also invalidate the user key (the user could
choose a different user key each boot, but that key would remain in
effect for the remainder of the boot; one could be so devious as to also
force the user key portion to pass a one-way hash, like MD5, against a
permanent pass file, if the permanent pass file was not itself on an
encrypted partition).
D. Stimits, stimits@idcomm.com
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-08-07 21:56 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-08-07 18:53 encrypted swap Torrey Hoffman
2001-08-07 19:15 ` Thomas Pornin
2001-08-07 19:23 ` Dan Podeanu
2001-08-07 19:48 ` Andreas Dilger
2001-08-07 20:04 ` Marty Poulin
2001-08-07 21:06 ` David Wagner
2001-08-07 21:56 ` D. Stimits [this message]
2001-08-07 21:44 ` Pavel Machek
2001-08-07 19:48 ` Justin Guyett
2001-08-07 20:05 ` Alan Cox
2001-08-07 20:17 ` Bill Rugolsky Jr.
[not found] <fa.kmbqblv.v3uvig@ifi.uio.no>
2001-08-18 14:53 ` Encrypted Swap Ted Unangst
2001-08-18 15:17 ` Mr. James W. Laferriere
2001-08-20 11:03 ` Helge Hafting
-- strict thread matches above, loose matches on Subject: below --
2001-08-17 17:10 David Christensen
2001-08-17 17:21 ` Richard B. Johnson
2001-08-17 18:41 ` Eric W. Biederman
2001-08-17 19:05 ` Dan Hollis
2001-08-18 9:52 ` Eric W. Biederman
2001-08-18 10:24 ` Nicholas Knight
2001-08-18 12:32 ` Eric W. Biederman
2001-08-17 19:20 ` Richard B. Johnson
2001-08-18 10:34 ` Eric W. Biederman
2001-08-07 21:40 encrypted swap David Spreen
2001-08-07 17:30 Encrypted Swap David Maynor
2001-08-07 17:27 ` Rik van Riel
2001-08-07 15:28 encrypted swap David Maynor
2001-08-07 15:51 ` Florian Weimer
2001-08-07 15:06 David Maynor
2001-08-07 15:11 ` Florian Weimer
2001-08-07 15:43 ` Joel Jaeggli
2001-08-07 15:30 ` Garett Spencley
2001-08-07 16:21 ` David Spreen
2001-08-08 8:11 ` Helge Hafting
2001-08-07 14:37 David Maynor
2001-08-07 14:48 ` Billy Harvey
2001-08-07 16:03 ` Chris Wedgwood
[not found] <no.id>
2001-08-07 14:17 ` Encrypted Swap Alan Cox
2001-08-07 15:16 ` Crutcher Dunnavant
2001-08-07 16:01 ` Chris Wedgwood
2001-08-07 2:28 David Spreen
2001-08-07 3:56 ` Justin Guyett
2001-08-07 4:01 ` Chris Wedgwood
2001-08-07 4:12 ` Steve VanDevender
2001-08-07 4:23 ` John Polyakov
2001-08-07 4:36 ` Chris Wedgwood
2001-08-07 5:12 ` Garett Spencley
2001-08-07 5:55 ` Ryan Mack
2001-08-07 6:27 ` John Polyakov
2001-08-06 23:28 ` Rob Landley
2001-08-07 10:10 ` Christopher E. Brown
2001-08-07 14:05 ` Joel Jaeggli
2001-08-07 6:41 ` Crutcher Dunnavant
2001-08-07 6:57 ` Evgeny Polyakov
2001-08-07 6:45 ` Ryan Mack
2001-08-07 7:08 ` Evgeny Polyakov
2001-08-07 7:23 ` Sean Hunter
2001-08-07 8:39 ` Ben Ford
2001-08-07 12:28 ` Kevin Krieser
2001-08-07 12:39 ` Richard B. Johnson
2001-08-07 14:21 ` Ignacio Vazquez-Abrams
2001-08-07 7:26 ` Ryan Mack
2001-08-07 7:34 ` Jeffrey Considine
2001-08-07 7:49 ` Crutcher Dunnavant
2001-08-07 9:01 ` Peter Wächtler
2001-08-07 12:37 ` Michael Bacarella
2001-08-17 14:50 ` Holger Lubitz
2001-08-17 15:39 ` Richard B. Johnson
2001-08-17 15:57 ` Holger Lubitz
2001-08-17 16:34 ` Gerhard Mack
2001-08-17 16:50 ` Richard B. Johnson
2001-08-17 17:06 ` Adrian Cox
2001-08-17 17:16 ` Richard B. Johnson
2001-08-17 17:22 ` Jacob Alifrangis
2001-08-17 17:36 ` Adrian Cox
2001-08-17 18:51 ` Nicholas Knight
2001-08-17 19:30 ` Richard B. Johnson
2001-08-18 8:51 ` Adrian Cox
2001-08-18 11:02 ` Eric W. Biederman
2001-08-19 8:51 ` Adrian Cox
2001-08-20 1:27 ` Richard B. Johnson
2001-08-20 11:08 ` Helge Hafting
2001-08-20 11:50 ` Ian Stirling
2001-08-21 13:55 ` Andreas Bombe
2001-08-17 20:00 ` Andreas Dilger
2001-08-07 20:09 ` Maciej Zenczykowski
2001-08-07 7:34 ` Steve VanDevender
2001-08-07 7:55 ` Crutcher Dunnavant
2001-08-07 15:17 ` Garett Spencley
2001-08-07 7:49 ` Helge Hafting
2001-08-07 7:58 ` Crutcher Dunnavant
2001-08-07 9:23 ` Helge Hafting
2001-08-07 13:29 ` Wichert Akkerman
2001-08-07 15:56 ` Chris Wedgwood
2001-08-07 16:54 ` Alan Cox
2001-08-07 17:10 ` Chris Wedgwood
2001-08-07 9:52 ` Brian May
2001-08-07 14:48 ` Joel Jaeggli
2001-08-07 15:59 ` Chris Wedgwood
2001-08-07 16:18 ` Joel Jaeggli
2001-08-07 16:24 ` Florian Weimer
2001-08-08 2:13 ` Dr. Kelsey Hudson
2001-08-07 20:30 ` Ian Stirling
2001-08-07 10:33 ` Andrea Arcangeli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3B70641D.CF5F48B9@idcomm.com \
--to=stimits@idcomm.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.