random key encryption for SWAP?

Anders Karlsson anders at trudheim.co.uk
Mon Mar 24 02:12:13 UTC 2008


* Johann B. Gudmundsson <johannbg at hi.is> [20080324 00:45]:
> Anders Karlsson wrote:
[snip]
>>
>> man crypttab
>>
>> /Anders
>>
>>
> Why bother :)
>
> Maybe it's time to enlighten users..
> Since this has been *known* for some time now.
> Perhaps mention this in anaconda where user chooses
> to encrypt his partition...
>
> http://citp.princeton.edu/memory/faq/
>
> We can even leave out some of the other juicy bits you can obtain at
> the same time..

Yes, it is known. It still requires effort however. Any encryption
there is today will not withstand a determined attacker. What you can
achieve is protection against opportunists.

And when your employer mandates that you need to encrypt all
filesystems where you may store customer data, then you go along with
it. I encrypted swap just because I could this time. :)

/Anders



