From: Steve VanDevender <stevev@efn.org>
To: Justin Guyett <justin@soze.net>
Cc: <linux-kernel@vger.kernel.org>
Subject: Re: Encrypted Swap
Date: Mon, 6 Aug 2001 21:12:16 -0700 [thread overview]
Message-ID: <15215.27296.959612.765065@localhost.efn.org> (raw)
In-Reply-To: <Pine.LNX.4.33.0108062047310.17919-100000@kobayashi.soze.net>
In-Reply-To: <20010807042810.A23855@foobar.toppoint.de> <Pine.LNX.4.33.0108062047310.17919-100000@kobayashi.soze.net>
Justin Guyett writes:
> On Tue, 7 Aug 2001, David Spreen wrote:
>
> > I was just searching for swap-encryption-solutions in the lkml-archive.
> > Did I get the point saying ther's no way to do swap encryption
> > in linux right now? (Well, a swapfile in an encrypted kerneli
> > partition r something like that is not really what I want to
> > do I think).
>
> What's the benefit? Sure, attackers have to know that encrypted swap is
> in use, and have to be able to find the key in memory, but they already
> can do both if they're root, and non-root can't [shouldn't be able to]
> read swap devices on a properly secured machine. Swap isn't meant for
> storage across reboots/remounts, which is the only reason I can think of
> for using encrypted loopback. Once it's mounted, unless you have to enter
> the password for every write, or unless it locks after some period of
> inactivity (locking swap and requiring the password to unlock it sounds
> like a fun proposition when the vm needs to swap), it's insecure until
> it's locked/unmounted again. Unmounting swap in a running system isn't
> typical behavior.
It does prevent one means of recovering possibly security-critical
information for attackers who do have physical access to the machine.
The obvious approach to me would to generate a random session key at
boot time and use that for encrypting/decrypting swap pages. If the
machine is unplugged and the disk pulled out, then the swap area on that
disk could not be recovered the attacker, who presumably is prevented by
other security measures from gaining root on the machine before it's
unplugged to try to get that session key out of the kernel. I haven't
studied this problem, though, so the real solution may be quite a bit
more clever.
next prev parent reply other threads:[~2001-08-07 4:13 UTC|newest]
Thread overview: 109+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-08-07 2:28 Encrypted Swap David Spreen
2001-08-07 3:56 ` Justin Guyett
2001-08-07 4:01 ` Chris Wedgwood
2001-08-07 4:12 ` Steve VanDevender [this message]
2001-08-07 4:23 ` John Polyakov
2001-08-07 4:36 ` Chris Wedgwood
2001-08-07 5:12 ` Garett Spencley
2001-08-07 5:55 ` Ryan Mack
2001-08-07 6:27 ` John Polyakov
2001-08-06 23:28 ` Rob Landley
2001-08-07 10:10 ` Christopher E. Brown
2001-08-07 14:05 ` Joel Jaeggli
2001-08-07 6:41 ` Crutcher Dunnavant
2001-08-07 6:57 ` Evgeny Polyakov
2001-08-07 6:45 ` Ryan Mack
2001-08-07 7:08 ` Evgeny Polyakov
2001-08-07 7:23 ` Sean Hunter
2001-08-07 8:39 ` Ben Ford
2001-08-07 12:28 ` Kevin Krieser
2001-08-07 12:39 ` Richard B. Johnson
2001-08-07 13:39 ` Re[2]: " s0mbre
2001-08-08 2:24 ` Re[2]: Encrypted Swap (random off-topic snippet) Dr. Kelsey Hudson
2001-08-08 2:51 ` Michael H. Warfield
2001-08-07 14:21 ` Encrypted Swap Ignacio Vazquez-Abrams
2001-08-07 7:26 ` Ryan Mack
2001-08-07 7:34 ` Jeffrey Considine
2001-08-07 7:49 ` Crutcher Dunnavant
2001-08-07 9:01 ` Peter Wächtler
2001-08-07 12:37 ` Michael Bacarella
2001-08-17 14:50 ` Holger Lubitz
2001-08-17 15:39 ` Richard B. Johnson
2001-08-17 15:57 ` Holger Lubitz
2001-08-17 16:34 ` Gerhard Mack
2001-08-17 16:50 ` Richard B. Johnson
2001-08-17 17:06 ` Adrian Cox
2001-08-17 17:16 ` Richard B. Johnson
2001-08-17 17:22 ` Jacob Alifrangis
2001-08-17 17:36 ` Adrian Cox
2001-08-17 18:51 ` Nicholas Knight
2001-08-17 19:30 ` Richard B. Johnson
2001-08-18 8:51 ` Adrian Cox
2001-08-18 11:02 ` Eric W. Biederman
2001-08-19 8:51 ` Adrian Cox
2001-08-20 1:27 ` Richard B. Johnson
2001-08-20 11:08 ` Helge Hafting
2001-08-20 11:50 ` Ian Stirling
2001-08-21 13:55 ` Andreas Bombe
2001-08-17 20:00 ` Andreas Dilger
2001-08-07 20:09 ` Maciej Zenczykowski
2001-08-07 7:34 ` Steve VanDevender
2001-08-07 7:55 ` Crutcher Dunnavant
2001-08-07 15:17 ` Garett Spencley
2001-08-07 7:49 ` Helge Hafting
2001-08-07 7:58 ` Crutcher Dunnavant
2001-08-07 9:23 ` Helge Hafting
2001-08-07 13:29 ` Wichert Akkerman
2001-08-07 15:56 ` Chris Wedgwood
2001-08-07 16:54 ` Alan Cox
2001-08-07 17:10 ` Chris Wedgwood
2001-08-07 9:52 ` Brian May
2001-08-07 14:48 ` Joel Jaeggli
2001-08-07 15:59 ` Chris Wedgwood
2001-08-07 16:18 ` Joel Jaeggli
2001-08-07 16:24 ` Florian Weimer
2001-08-07 17:14 ` [OT] Cold, Dead Hard drives (was: Encrypted Swap) Stephen Satchell
2001-08-08 2:13 ` Encrypted Swap Dr. Kelsey Hudson
2001-08-07 20:30 ` Ian Stirling
2001-08-07 10:33 ` Andrea Arcangeli
2001-08-13 3:32 ` swap & deadlocks [was Re: Encrypted Swap] Pavel Machek
[not found] <no.id>
2001-08-07 14:17 ` Encrypted Swap Alan Cox
2001-08-07 15:16 ` Crutcher Dunnavant
2001-08-07 16:01 ` Chris Wedgwood
-- strict thread matches above, loose matches on Subject: below --
2001-08-07 14:37 encrypted swap David Maynor
2001-08-07 14:48 ` Billy Harvey
2001-08-07 16:03 ` Chris Wedgwood
2001-08-07 15:06 David Maynor
2001-08-07 15:11 ` Florian Weimer
2001-08-07 15:43 ` Joel Jaeggli
2001-08-07 15:30 ` Garett Spencley
2001-08-07 16:21 ` David Spreen
2001-08-08 8:11 ` Helge Hafting
2001-08-07 15:28 David Maynor
2001-08-07 15:51 ` Florian Weimer
2001-08-07 17:30 Encrypted Swap David Maynor
2001-08-07 17:27 ` Rik van Riel
2001-08-07 18:53 encrypted swap Torrey Hoffman
2001-08-07 19:15 ` Thomas Pornin
2001-08-07 19:23 ` Dan Podeanu
2001-08-07 19:48 ` Andreas Dilger
2001-08-07 20:04 ` Marty Poulin
2001-08-07 21:06 ` David Wagner
2001-08-07 21:56 ` D. Stimits
2001-08-07 21:44 ` Pavel Machek
2001-08-07 19:48 ` Justin Guyett
2001-08-07 20:05 ` Alan Cox
2001-08-07 20:17 ` Bill Rugolsky Jr.
2001-08-07 21:40 David Spreen
2001-08-17 17:10 Encrypted Swap David Christensen
2001-08-17 17:21 ` Richard B. Johnson
2001-08-17 18:41 ` Eric W. Biederman
2001-08-17 19:05 ` Dan Hollis
2001-08-18 9:52 ` Eric W. Biederman
2001-08-18 10:24 ` Nicholas Knight
2001-08-18 12:32 ` Eric W. Biederman
2001-08-17 19:20 ` Richard B. Johnson
2001-08-18 10:34 ` Eric W. Biederman
[not found] <fa.kmbqblv.v3uvig@ifi.uio.no>
2001-08-18 14:53 ` Ted Unangst
2001-08-18 15:17 ` Mr. James W. Laferriere
2001-08-20 11:03 ` Helge Hafting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=15215.27296.959612.765065@localhost.efn.org \
--to=stevev@efn.org \
--cc=justin@soze.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox