From: "D. Stimits" <stimits@idcomm.com>
To: unlisted-recipients:; (no To-header on input)@localhost.localdomain
Cc: linux-kernel@vger.kernel.org
Subject: Re: encrypted swap
Date: Tue, 07 Aug 2001 15:56:45 -0600 [thread overview]
Message-ID: <3B70641D.CF5F48B9@idcomm.com> (raw)
In-Reply-To: <D52B19A7284D32459CF20D579C4B0C0211C9A8@mail0.myrio.com> <Pine.LNX.4.33L2.0108072212590.18776-100000@spiral.extreme.ro> <9kpl82$iao$1@abraham.cs.berkeley.edu>
David Wagner wrote:
>
> Dan Podeanu wrote:
> >If its going to be stolen while its offline, you
> >can have your shutdown scripts blank the swap partition [...]
>
> Erasing data, once written, is deceptively difficult.
> See Peter Gutmann's excellent paper on the subject at
> http://www.usenix.org/publications/library/proceedings/sec96/gutmann.html
>
> It turns out that the easiest way to solve this problem is to make sure
> you only ever write to the swap partition in encrypted form, and then when
> you want to erase it securely, just throw away the key used to encrypt it.
> (You have to securely erase this key, but it is much easier to erase
> this key securely, because it is shorter and because you can arrange
> that it only resides in RAM.)
>
> It is critical that you choose a new encryption key each time you boot.
> (Requiring users to enter in passphrases manually is unlikely to work well.)
You could easily create a pass phrase that is a combination of a user
defined pass, and a random device generation. During suspend of the
laptop, you could force it to forget only the user defined portion, and
ask that it get re-entered on resume. Keyboard snooping would only
provide a small part of the key; though it would aid attacks to know
part of the key, each reboot would invalidate the per-session key, and
each suspend or boot would also invalidate the user key (the user could
choose a different user key each boot, but that key would remain in
effect for the remainder of the boot; one could be so devious as to also
force the user key portion to pass a one-way hash, like MD5, against a
permanent pass file, if the permanent pass file was not itself on an
encrypted partition).
D. Stimits, stimits@idcomm.com
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-08-07 21:56 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-08-07 18:53 encrypted swap Torrey Hoffman
2001-08-07 19:15 ` Thomas Pornin
2001-08-07 19:23 ` Dan Podeanu
2001-08-07 19:48 ` Andreas Dilger
2001-08-07 20:04 ` Marty Poulin
2001-08-07 21:06 ` David Wagner
2001-08-07 21:56 ` D. Stimits [this message]
2001-08-07 21:44 ` Pavel Machek
2001-08-07 19:48 ` Justin Guyett
2001-08-07 20:05 ` Alan Cox
2001-08-07 20:17 ` Bill Rugolsky Jr.
[not found] <fa.kmbqblv.v3uvig@ifi.uio.no>
2001-08-18 14:53 ` Encrypted Swap Ted Unangst
2001-08-18 15:17 ` Mr. James W. Laferriere
2001-08-20 11:03 ` Helge Hafting
-- strict thread matches above, loose matches on Subject: below --
2001-08-17 17:10 David Christensen
2001-08-17 17:21 ` Richard B. Johnson
2001-08-17 18:41 ` Eric W. Biederman
2001-08-17 19:05 ` Dan Hollis
2001-08-18 9:52 ` Eric W. Biederman
2001-08-18 10:24 ` Nicholas Knight
2001-08-18 12:32 ` Eric W. Biederman
2001-08-17 19:20 ` Richard B. Johnson
2001-08-18 10:34 ` Eric W. Biederman
2001-08-07 21:40 encrypted swap David Spreen
2001-08-07 17:30 Encrypted Swap David Maynor
2001-08-07 17:27 ` Rik van Riel
2001-08-07 15:28 encrypted swap David Maynor
2001-08-07 15:51 ` Florian Weimer
2001-08-07 15:06 David Maynor
2001-08-07 15:11 ` Florian Weimer
2001-08-07 15:43 ` Joel Jaeggli
2001-08-07 15:30 ` Garett Spencley
2001-08-07 16:21 ` David Spreen
2001-08-08 8:11 ` Helge Hafting
2001-08-07 14:37 David Maynor
2001-08-07 14:48 ` Billy Harvey
2001-08-07 16:03 ` Chris Wedgwood
[not found] <no.id>
2001-08-07 14:17 ` Encrypted Swap Alan Cox
2001-08-07 15:16 ` Crutcher Dunnavant
2001-08-07 16:01 ` Chris Wedgwood
2001-08-07 2:28 David Spreen
2001-08-07 3:56 ` Justin Guyett
2001-08-07 4:01 ` Chris Wedgwood
2001-08-07 4:12 ` Steve VanDevender
2001-08-07 4:23 ` John Polyakov
2001-08-07 4:36 ` Chris Wedgwood
2001-08-07 5:12 ` Garett Spencley
2001-08-07 5:55 ` Ryan Mack
2001-08-07 6:27 ` John Polyakov
2001-08-06 23:28 ` Rob Landley
2001-08-07 10:10 ` Christopher E. Brown
2001-08-07 14:05 ` Joel Jaeggli
2001-08-07 6:41 ` Crutcher Dunnavant
2001-08-07 6:57 ` Evgeny Polyakov
2001-08-07 6:45 ` Ryan Mack
2001-08-07 7:08 ` Evgeny Polyakov
2001-08-07 7:23 ` Sean Hunter
2001-08-07 8:39 ` Ben Ford
2001-08-07 12:28 ` Kevin Krieser
2001-08-07 12:39 ` Richard B. Johnson
2001-08-07 14:21 ` Ignacio Vazquez-Abrams
2001-08-07 7:26 ` Ryan Mack
2001-08-07 7:34 ` Jeffrey Considine
2001-08-07 7:49 ` Crutcher Dunnavant
2001-08-07 9:01 ` Peter Wächtler
2001-08-07 12:37 ` Michael Bacarella
2001-08-17 14:50 ` Holger Lubitz
2001-08-17 15:39 ` Richard B. Johnson
2001-08-17 15:57 ` Holger Lubitz
2001-08-17 16:34 ` Gerhard Mack
2001-08-17 16:50 ` Richard B. Johnson
2001-08-17 17:06 ` Adrian Cox
2001-08-17 17:16 ` Richard B. Johnson
2001-08-17 17:22 ` Jacob Alifrangis
2001-08-17 17:36 ` Adrian Cox
2001-08-17 18:51 ` Nicholas Knight
2001-08-17 19:30 ` Richard B. Johnson
2001-08-18 8:51 ` Adrian Cox
2001-08-18 11:02 ` Eric W. Biederman
2001-08-19 8:51 ` Adrian Cox
2001-08-20 1:27 ` Richard B. Johnson
2001-08-20 11:08 ` Helge Hafting
2001-08-20 11:50 ` Ian Stirling
2001-08-21 13:55 ` Andreas Bombe
2001-08-17 20:00 ` Andreas Dilger
2001-08-07 20:09 ` Maciej Zenczykowski
2001-08-07 7:34 ` Steve VanDevender
2001-08-07 7:55 ` Crutcher Dunnavant
2001-08-07 15:17 ` Garett Spencley
2001-08-07 7:49 ` Helge Hafting
2001-08-07 7:58 ` Crutcher Dunnavant
2001-08-07 9:23 ` Helge Hafting
2001-08-07 13:29 ` Wichert Akkerman
2001-08-07 15:56 ` Chris Wedgwood
2001-08-07 16:54 ` Alan Cox
2001-08-07 17:10 ` Chris Wedgwood
2001-08-07 9:52 ` Brian May
2001-08-07 14:48 ` Joel Jaeggli
2001-08-07 15:59 ` Chris Wedgwood
2001-08-07 16:18 ` Joel Jaeggli
2001-08-07 16:24 ` Florian Weimer
2001-08-08 2:13 ` Dr. Kelsey Hudson
2001-08-07 20:30 ` Ian Stirling
2001-08-07 10:33 ` Andrea Arcangeli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3B70641D.CF5F48B9@idcomm.com \
--to=stimits@idcomm.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox