Date:      Sat, 11 Jan 2003 03:43:18 -0800
From:      David Schultz <dschultz@uclink.Berkeley.EDU>
To:        Lucky Green <shamrock@cypherpunks.to>
Cc:        freebsd-current@FreeBSD.ORG
Subject:   Re: 5.0 without swap
Message-ID:  <20030111114318.GD3961@HAL9000.homeunix.com>
In-Reply-To: <00ba01c2b95a$8d385670$6601a8c0@VAIO650>
References:  <20030111110819.1be840f1.flynn@energyhq.homeip.net> <00ba01c2b95a$8d385670$6601a8c0@VAIO650>

Thus spake Lucky Green <shamrock@cypherpunks.to>:
> Miguel wrote:
> > Having no swap will prevent you from getting crashdumps in 
> > case of panic which, if you run 5.0, is not that unusual. 
> > Besides these days harddrives cost $1/GB, so why not setup 
> > the swap partition anyway?
> 
> I don't want cleartext cryptographic keys to ever touch magnetic media,
> thus potentially opening the door to future forensic analysis.

You can accomplish that by wiring the pages containing your
cryptographic keys, rather than effectively wiring every page in
the system by having no swap space.  Alternatively, unless you're
really paranoid, it's probably sufficient to write over your swap
partition with random data before you shut down the system.
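
Wiring only the pages that hold key material, as the reply above suggests, is done from userland with mlock(2). The following C code is an added example, not code from the thread; the `wired_buf` type and the `wired_*` function names are hypothetical, and allocation fails closed when the pages cannot be wired.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANON on glibc */
#endif
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct wired_buf { unsigned char *p; size_t len; };  /* hypothetical helper type */

/* Map whole pages and wire them with mlock(2) so they are never paged out to swap. */
int wired_alloc(struct wired_buf *b, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) { errno = EINVAL; return -1; }
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) return -1;
    if (mlock(p, len) != 0) {           /* e.g. RLIMIT_MEMLOCK too low */
        int saved = errno;              /* fail closed: no unwired key buffer */
        munmap(p, len);
        errno = saved;
        return -1;
    }
    b->p = p; b->len = len;
    return 0;
}

void wired_wipe(struct wired_buf *b)
{
    volatile unsigned char *v = b->p;   /* volatile keeps the stores from being elided */
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
}

/* Wipe first, then unwire and unmap. Returns 0 on success. */
int wired_free(struct wired_buf *b)
{
    wired_wipe(b);
    int rc = munlock(b->p, b->len);
    if (munmap(b->p, b->len) != 0) rc = -1;
    b->p = NULL; b->len = 0;
    return rc;
}

int main(void)
{
    struct wired_buf k;
    if (wired_alloc(&k, 32) != 0) return 1;
    memset(k.p, 0xA5, 32);              /* constructed stand-in for a key */
    return wired_free(&k) == 0 ? 0 : 1;
}
```

Wiring keeps the pager from writing these pages to swap; copies of the key made elsewhere (stack temporaries, library buffers, a crashdump) are outside what this buffer controls.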
