On 1/8/2010 3:32 PM, Stan Hoeppner wrote:
Ross Boylan put forth on 1/8/2010 1:53 PM:On Fri, 2010-01-08 at 05:26 -0600, Stan Hoeppner wrote:Never run encryption on swap. Doing so merely burdens performance. I doubt even NSA, CIA, MI6 encrypt swap partitions on workstations.
I bet every three-letter agency encrypts swap, or does without swap.
This is completely contrary to the advice of the encryption folks.Car salesmen want to sell you a new car too, not that you necessarily need a new one.You MUST encrypt swap in order for your system to be secure; otherwise secrets in RAM may be recoverable from the swap partition.*MUST*? Always be careful when stating absolutes. There is always more than one way to skin a cat. Such as adding the following to rc.local: /sbin/swapoff -a /bin/dd if=/dev/zero of=/dev/sda5 changing sda5 to your swap partition device ID or filename if you're using a swap file instead of a partition. Depending on your disk speed and swap device size it'll add anywhere from 15 secs up to a minute or so to your shutdown time. But your swap will be zero'd. Zeros can't be decrypted, even if a cracker somehow got hold of the keys to the kingdom. ;) -- Stan
Swap should always be encrypted on the principal of presenting minimal attack surface. A running machine can have its cord yanked, and where is your init script then? Yes, even a battery-powered laptop is vulnerable to to forensics if caught red-handed, or in the case of evil maid attacks, etc. Paranoids have enemies, too.
I know that many irresponsible people put employee data on a laptop and then lose the machine. A good IT man plans for such boneheaded behavior. It's like defensive driving. It's the *other* guy you have to look out for, not yourself.
Mark Allums