Message-ID: <3B80EE9A.EFA4FDB@idb.hist.no>
Date: Mon, 20 Aug 2001 13:03:54 +0200
From: Helge Hafting
To: Ted Unangst, linux-kernel@vger.kernel.org
Subject: Re: Encrypted Swap

Ted Unangst wrote:
> 1. not everyone is going to bring their James Bond RAM Reader (tm) into
> your building to extract data. a hardcore data thief, maybe, but it's not
> common equipment. everyone will have access to an IDE or SCSI disk
> reader.
>
Everybody has access to a RAM reader. It is called a "pc". Bring one
that has battery power and spare slots to plug the stolen modules into.
You don't need Q to do this.

> 2. RAM has a short window of opportunity. whatever it turns out to be,
> RAM degrades faster than disk. it's not going to last while you drive it
> home, unless you have a RAM refresher plugged in the cigarette lighter.

Again, a pc with a 12v adapter is the poor man's in-car ram refresher. :-)

> 3. encrypted swap is meant for a different threat model. you assume that
> the attacker might have access to the box at night or over a weekend,
> while you're away. RAM will be off. if you think someone might be trying
> to steal your RAM, you need better physical security.

Exactly.

Helge Hafting