From: daw@mozart.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: encrypted swap(beating a dead horse)
Date: 9 Aug 2001 00:22:51 GMT
Message-ID: <9ksl4r$5us$2@abraham.cs.berkeley.edu>
In-Reply-To: <5.1.0.14.2.20010808111228.00a83720@pop.prism.gatech.edu>

David Maynor wrote:
>This is true, so the best thing for this, in my opinion, instead of
>throwing the crypto blanket over everything, scrub the swap when a process
>is terminated so when the machine is shut down, you won't have to clean the
>entire swap.

(If I'm repeating myself and you already knew this, I apologize.)

Scrubbing swap is a good idea, but it turns out it is much harder
to do right than you might think. In particular, data can survive
many erases, due to the physical properties of hard drives as well
as the properties of filesystems and hard drive caching.

It seems that the only way to have any assurance that you've reliably
deleted data is to ensure that it was only written in encrypted form
in the first place, and to securely erase the key when you're done
with the data and want to erase it.
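
The contrast drawn in the message above, as an added example that is not part of the original post: scrub-after-write versus encrypt-then-destroy-the-key. `Medium`, `EncryptedSwap` and `demo` are hypothetical names, the disk model is constructed, and the HMAC-SHA256 keystream is a standard-library stand-in for a real disk cipher.

```python
import hashlib, hmac, os
def keystream(key, slot, gen, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real disk cipher.
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, b"%d:%d:%d" % (slot, gen, ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])

class Medium:
    # Constructed disk model: `history` keeps every write, standing in for
    # remanence, caches and anything else an overwrite fails to reach.
    def __init__(self):
        self.current, self.history = {}, []
    def write(self, slot, data):
        self.current[slot] = data
        self.history.append(data)

class EncryptedSwap:
    def __init__(self, medium):
        self.medium = medium
        self.key = bytearray(os.urandom(32))   # per-boot key, RAM only
        self.gen = {}                          # per-slot write counter: no keystream reuse
    def _xor(self, slot, data):
        ks = keystream(bytes(self.key), slot, self.gen[slot], len(data))
        return bytes(a ^ b for a, b in zip(data, ks))
    def swap_out(self, slot, page):
        self.gen[slot] = self.gen.get(slot, 0) + 1
        self.medium.write(slot, self._xor(slot, page))
    def swap_in(self, slot):
        return self._xor(slot, self.medium.current[slot])
    def destroy_key(self):
        # Illustrative only: Python may hold other copies of the key bytes.
        self.key[:] = bytes(len(self.key))

def demo():
    secret = b"constructed secret page contents".ljust(64, b".")
    scrubbed, encrypted = Medium(), Medium()
    scrubbed.write(0, secret)                  # plaintext swap-out ...
    scrubbed.write(0, bytes(len(secret)))      # ... then scrub with zeros
    swap = EncryptedSwap(encrypted)
    swap.swap_out(0, secret)
    ok = swap.swap_in(0) == secret
    swap.destroy_key()
    return {
        "roundtrip_before_erase": ok,
        "plaintext_in_scrubbed_history": secret in scrubbed.history,
        "plaintext_in_encrypted_history": secret in encrypted.history,
        "readable_after_key_erase": swap.swap_in(0) == secret,
    }
```

In the scrubbed model the plaintext remains in the write history after the overwrite; in the encrypted model only ciphertext ever reached the medium, so zeroing the 32-byte key is the whole erase.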