encrypted swap(beating a dead horse)

encrypted swap(beating a dead horse)

[David Maynor]

>>
>>2.  anyone stealing a disk to get data out of it sure as hell isn't going
>>to boot it up and run your init scripts.

This is true, so the best thing for this, in my opinion, instead of 
throwing the crypto blanket over everything, scrub the swap when a process 
is terminated so when the machine is shut down, you won't have to clean the 
entire swap.

Re: encrypted swap(beating a dead horse)

[David Wagner]

David Maynor  wrote:
>This is true, so the best thing for this, in my opinion, instead of 
>throwing the crypto blanket over everything, scrub the swap when a process 
>is terminated so when the machine is shut down, you won't have to clean the 
>entire swap.

(If I'm repeating myself and you already knew this, I apologize.)

Scrubbing swap is a good idea, but it turns out it is much harder
to do right then you might think.  In particular, data can survive
many erases, due to the physical properties of hard drives as well
as the properties of filesystems and hard drive caching.

It seems that the only way to have any assurance that you've reliably
deleted data is to ensure that it was only written in encrypted form
in the first place, and to securely erase the key when you're done
with the data and want to erase it.