
Re: LVM+RAID+CRYPT



In <4B47166D.8070401@hardwarefreak.com>, Stan Hoeppner wrote:
>Sjors van der Pluijm put forth on 1/8/2010 5:13 AM:
>> 3. Is it ok to have swap and /boot on an encrypted LVM?

Swap is okay.  Boot depends on your boot loader.  I don't know if grub2 can 
handle this or not.

>Never run encryption on swap.  Doing so merely burdens performance.  I doubt
>even NSA, CIA, MI6 encrypt swap partitions on workstations.

BS.  Encrypting swap is *critical*.  If you do not, an attacker can use 
differential cryptanalysis between what is swapped out and the cyphertext on 
disk.

Before even generating the encryption keys for other devices, you should 
change the mount options of your swap partition so that it is encrypted using 
a random key and then remount it.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

Attachment: signature.asc
Description: This is a digitally signed message part.
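
Added example, not part of the original message: a shell check that reads an fstab and a crypttab and flags swap entries that are not on a random-key dm-crypt mapping, which is the setup the reply recommends. It assumes the Debian crypttab layout (name, source, key file, options); the sample file contents, device names and key path are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Debian-style /etc/crypttab
# (fields: name source keyfile options) and /etc/fstab.

# classify_swap FSTAB CRYPTTAB
# Prints "<device> <verdict>" for every swap entry in FSTAB.
classify_swap() {
    fstab=$1
    crypttab=$2
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$fstab" |
    while read -r dev; do
        case $dev in
            /dev/mapper/*) name=${dev#/dev/mapper/} ;;
            *) echo "$dev NOT-ENCRYPTED"; continue ;;
        esac
        # A random-key swap mapping has /dev/urandom (or /dev/random) as its
        # key file and carries the "swap" option so it is re-made every boot.
        awk -v n="$name" '
            $1 == n {
                found = 1
                rnd = ($3 == "/dev/urandom" || $3 == "/dev/random")
                swp = (("," $4 ",") ~ /,swap,/)
                print "/dev/mapper/" n, ((rnd && swp) ? "random-key" : "fixed-key")
            }
            END { if (!found) print "/dev/mapper/" n, "not-in-crypttab" }
        ' "$crypttab"
    done
}

# Constructed sample files; device names and key path are hypothetical.
demo() {
    d=$(mktemp -d)
    cat > "$d/crypttab" <<'EOF'
# name     source     keyfile        options
cryptswap  /dev/sda2  /dev/urandom   swap,cipher=aes-xts-plain64,size=256
oldswap    /dev/sdb2  /etc/swap.key  luks
EOF
    cat > "$d/fstab" <<'EOF'
/dev/mapper/cryptswap  none  swap  sw  0  0
/dev/mapper/oldswap    none  swap  sw  0  0
/dev/sdc2              none  swap  sw  0  0
EOF
    classify_swap "$d/fstab" "$d/crypttab"
    rm -rf "$d"
}

demo
```

A `not-in-crypttab` verdict means the mapper device is something other than a crypttab mapping, such as an LVM volume, and has to be traced to its underlying device by hand.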

