Date: Mon, 27 Aug 2001 22:18:30 -0400
From: Mixtim <mixtim@mixtim.homeip.net>
To: freebsd-questions@freebsd.org
Subject: Re: encrypted swap
Message-ID: <20010827221830.A92367@mixtim.homeip.net>
In-Reply-To: <01082721591401.26623@i8k.babbleon.org>; from bts@babbleon.org on Mon, Aug 27, 2001 at 09:59:14PM -0400
References: <20010827090337.21931.qmail@web10406.mail.yahoo.com> <01082721591401.26623@i8k.babbleon.org>

On Mon, Aug 27, 2001 at 09:59:14PM -0400, Brian T . Schellenberger wrote:

> But I wonder why you want to encrypt swap, anyway; it would be dreadfully
> slow.

OpenBSD has had it for some time now. It's not slow at all.

> First, memory is cheap these days. Buy enough memory to truly meet your
> needs and then simply disable swap altogether. No memory is persisted, no
> worries.

FreeBSD acts funky with no swap. Even if you have 2G of RAM you usually end up with a little swap just to please the kernel gods.

> Remember, anybody who can read swap on the live machine must have root
> access, in which case they can read /dev/kmem, in which case,
> encrypting swap won't protect you.

They can remove your hard drive and stick it into a machine where they do have root. So yes, encrypted swap does protect you.

> Why not just add some code to the shutdown sequence, after the swap is
> turned off, to re-write the swap space with zeros or something?

And if the bad guy just pulls the power cable before removing the hard drive?