[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cryptoswap -- was Re: raw disk access

On Tue, Jan 14, 2003 at 10:08:22PM -0500, Hubert Chan wrote:
> >>>>> "Rolf" == Rolf Kutz <kutz@netcologne.de> writes:
> 
> Rolf> * Quoting Joshua SS Miller (joshua@fitsnips.net):
> >> Cryptoswap?  Hmm sound like something I was thinking about earlier
> >> today.  Do you have a good resource for this?
> 
> Rolf> http://www.kerneli.org/index.php
> 
> Do the kerneli modules (officially) work with encrypted swap?  I know
> loop-AES does, but I couldn't find anything about the kerneli
> (cryptoapi/cryptoloop) modules.  (For loop-AES, do a Google search for
> it.)
> 
> When encrypting swap, you need to make sure that you don't allocate new
> memory.  Otherwise, it may cause some swapping, which makes you do
> encryption, which may allocate new memory, ad infinitum.  loop-AES takes
> care of that explicitly, by preallocating memory, but I don't think
> cryptoapi/cryptoloop does, so you may be taking your chances with it.

Yes they do. I don't know if it's in the current release, but I
wrote a sample rc script and notes on it which should be included
in the package.

I never build a machine without it.
Reply to: