l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2002 Jun 04 16:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Which cipher to use?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Which cipher to use?



On Monday 03 June 2002 10:25 pm, you wrote:
[snip]
> > > Why bother encrypting my swap? Losta passwords go in there in
> > > plaintext, easily recoverable with a boot disk.
> >
> > Hrm, I'd argue that this isn't true.  Many applications specifically pin
> > pages so they aren't swappable (I.e. ssh).  Not to mention a healthy
> > linux box shouldn't be swapping bins out to disk while they are being
> > actively used.  Have you ever found a password there?
>
> Yea, I grep'ed it for fragments of several passwords I use and found them.

I'm a little skeptical.  What size fragment?  Statistically, you may find
an arbitrary sequence if it's short enough.  Did you actually try this after
having booted with a boot disk?

Even assuming it is a potential problem, has anyone done some simple web
research?  This *cannot* be a new concern.  Before people start throwing
around possible solutions, fixes, patches, etc. it would be good to look
around for what is already known here, and it's certain to be quite a bit.

Here are a two interesting references I found in 30 seconds:
http://www.citi.umich.edu/u/provos/papers/swapencrypt.ps.gz
http://mail-index.netbsd.org/tech-kern/2001/06/04/0013.html

In short, I think one has to be severely paranoid to want to pay the
costs (performance, physical security, time, labor, risk of data 
loss--forgetting password--etc.) associated with this.  A cost/benefit
analysis is called for.

shawn.
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.