From: David Spreen <david@spreen.de>
To: Ted Unangst <tedu@stanford.edu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: summary Re: encrypted swap
Date: Tue, 7 Aug 2001 23:39:21 +0200 [thread overview]
Message-ID: <20010807233921.B30244@foobar.toppoint.de> (raw)
In-Reply-To: <fa.g4fleqv.1mle133@ifi.uio.no> <Pine.GSO.4.31.0108071419300.2838-100000@cardinal0.Stanford.EDU>
In-Reply-To: <Pine.GSO.4.31.0108071419300.2838-100000@cardinal0.Stanford.EDU>; from tedu@stanford.edu on Tue, Aug 07, 2001 at 02:34:48PM -0700
On Tue, Aug 07, 2001 at 02:34:48PM -0700, Ted Unangst wrote:
> conclusion: if your data is that valuable, you will need a small army to
> protect it. don't bother encrypting swap, because guns are a better means
> of protection.
NAK. Of course I have the united states army in front of my notebook
to protect my pronsite passwds. But see, the army makes my notebook
an interesting target for data-thiefs, right? So I want encrypted swap
as an additional feature.
Okay stop kidding, of course crypted swap is no allround solution, but
a step to harden your security issues. I don't want to make you using
it, but I can think of people who would want to including myself.
> if your data is only semi-valuable, or private that you
> wouldn't want random others to read it, then swap encryption is good.
> it's a nice feature that some people might like to have. does it solve
> every problem? no. but the people in the edge cases are most likely very
> aware of the possibilities.
ACK.
> implementation paper:
> http://www.openbsd.org/papers/swapencrypt.ps
Thank you, this was what I meant when I wrote of some BSD :).
Okay, so I got some ideas how to implement, the kernel-related
thing with an automatic generated key and the kerneli-issue.
I tried to get kerneli working with swap some time ago and it didn't work.
Has the behavour changed? In the crypto HOWTO linked on kerneli.org is
still said that swap encryption doesn't work (but I don't know when the
last release was written).
so long & thanks for your suggestions...
David
--
__ _ | David "netzwurm" Spreen Kiel, Germany
/ _|___ ___| |__ __ _ _ _ | http://www.netzwurm.cc/ david@spreen.de
| _/ _ \/ _ \ '_ \/ _` | '_|| gnupg key (on keyservers): C8B6823A
|_| \___/\___/_.__/\__,_|_| | CellPhone: +49 173 3874061
next prev parent reply other threads:[~2001-08-07 22:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.g4fleqv.1mle133@ifi.uio.no>
2001-08-07 21:34 ` summary Re: encrypted swap Ted Unangst
2001-08-07 21:39 ` David Spreen [this message]
2001-08-08 0:43 ` David Wagner
2001-08-08 3:30 ` Ben Ford
2001-08-08 2:59 ` David Lang
2001-08-08 7:05 ` David Ford
2001-08-08 22:34 ` Marty Poulin
2001-08-09 4:56 ` David Ford
2001-08-09 5:02 ` David Wagner
2001-08-09 15:29 ` Andreas Dilger
2001-08-09 20:31 ` EOT " Rik van Riel
2001-08-09 0:19 ` David Wagner
2001-08-08 4:58 ` David Wagner
[not found] <fa.fk6d0vv.vgmm1i@ifi.uio.no>
2001-08-08 5:37 ` Ted Unangst
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010807233921.B30244@foobar.toppoint.de \
--to=david@spreen.de \
--cc=linux-kernel@vger.kernel.org \
--cc=tedu@stanford.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox