Date: Mon, 27 Aug 2001 22:18:30 -0400
From: Mixtim
To: freebsd-questions@freebsd.org
Subject: Re: encrypted swap
Message-ID: <20010827221830.A92367@mixtim.homeip.net>

On Mon, Aug 27, 2001 at 09:59:14PM -0400, Brian T. Schellenberger wrote:
> But I wonder why you want to encrypt swap, anyway; it would be dreadfully
> slow.

OpenBSD has had it for some time now. It's not slow at all.

> First, memory is cheap these days. Buy enough memory to truly meet your
> needs and then simply disable swap altogether. No memory is persisted, no
> worries.

FreeBSD acts funky with no swap. Even if you have 2G of RAM you usually end up with a little swap just to please the kernel gods.

> Remember, anybody who can read swap on the live machine must have root
> access, in which case they can read /dev/kmem, in which case,
> encrypting swap won't protect you.

They can remove your hard drive and stick it into a machine where they do have root. So yes, encrypted swap does protect you.

> Why not just add some code to the shutdown sequence, after the swap is
> turned off, to re-write the swap space with zeros or something?

And if the bad guy just pulls the power cable before removing the hard drive?