Re: Non-US

[nisse@lysator.liu.se (Niels Möller)]

Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:

> The main problem to think about is how to get at the secret key (user
> input!), also after hibernation of laptops, etc.

The good thing about swap-encryption is that key management is almost
trivial: You create a random key at startup, use it for all swapped
out pages, and then you replace the key with new random keys at
regular intervals. The OpenBSD implementation actually uses a dozen
sections encrypted with different keys, to make retireing keys easier
(live data associated with a retired key has to be reencrypted with
the replacement key).

Keys are generated randomly, kept in the kernel memory (or in the HURD
case, in the pager process' memory), and never input, output or stored
anywhere. It would be even better to create a new key for every
process (and replace it occasionally if the process lives for a long
time), and delete the key immediately at process exit. But that is
probably more complex than it sounds, when you take shared memory in
account.

I haven't thought about hibernation; in the model above, capture of a
hibernated laptop gives an attacker as much information as if it was
captured live just before hibernation. I.e. the attacker gets the
memory space of all live processes, whether swapped out or not. He
still doesn't get any information that was swapped out some time ago.

Perhaps it's good enough to make sure to kill all sensitive processes
and change the swap key(s) before hibernation? The alternative would
be to encrypt the the swap keys protected by some passphrase-thingy
and delete them from memory before hibernation. I don't really know
how laptop hibernation works, but if it saves a copy of all physical
memory to disk, one would want to encrypt that as well; encrypting the
swap isn't enough.

/Niels