Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
On 005-11-19 at 06:36 -0200, Ariel Sabiguero Yawelak wrote:
> You might consider erasing the swap partition when powering off, using "/etc/init.d/halt.local" for the purpose. The performance while in use will be better, but halting will be much slower.
> Again you are not 100% sure. The possibility of un-erasing erased data has been discussed several times, but we can consider that unerasing and trying to recover data from swap might not be very useful.
Erasing the swap, as it is not a file, and because we are talking security here, means overwriting the swap data with something else. Even in that case, data is recoverable, if you have the means; but I suppose the ordinary thief picking a portable does not have those means, and if he has those means then he is not an ordinary thief and even encryption will not deter him much.
> But on the other hand, you are leaving your information thief-readable whenever halt.local is not executed. If the system does not shut down cleanly, or the thief knows that he has to unplug the cable (remove the battery) instead of initing-6, he is done.
If the thief can get to my PC while running, I have bigger worries. He might be armed!
> Ok, you can say that whenever *you* shut down the system, then it is "safe", and I agree :-) It is only a matter of how much you want to be secure, and all-data-encryption is the way to be MORE confident in the solution.
Yes. But I'm not that "paranoid". As I use "suspend to disk", what worries me is that the password to the encrypted partitions is saved in clear in the swap partition - this is a pending problem. And encrypting the swap partition would not solve it, because then I could not suspend to disk, and also I fear that swapping would be much slower. -- Regards, Carlos Robinson
Hi Carlos, Carlos E. R. wrote:
> On 005-11-19 at 06:36 -0200, Ariel Sabiguero Yawelak wrote:
>> You might consider erasing the swap partition when powering off, using "/etc/init.d/halt.local" for the purpose. The performance while in use will be better, but halting will be much slower.
Erasing is not a good idea. Too much can go wrong, and you will never find out. [...]
>> But on the other hand, you are leaving your information thief-readable whenever halt.local is not executed. If the system does not shut down cleanly, or the thief knows that he has to unplug the cable (remove the battery) instead of initing-6, he is done.
> If the thief can get to my PC while running, I have bigger worries. He might be armed!
So you shut down your system whenever going to the toilet. Or for a cup of coffee...... I know of stolen laptops during working hours.
> Yes. But I'm not that "paranoid".
You should be! Or forget thinking about security.
> As I use "suspend to disk", what worries me is that the password to the encrypted partitions is saved in clear in the swap partition - this is a pending problem. And encrypting the swap partition would not solve it, because then I could not suspend to disk, and also I fear that swapping would be much slower.
Give it a try. On most systems you can switch over in running state. (And also back ;-) ) Dirk
TRIA IT-consulting GmbH, Joseph-Wild-Straße 20, 81829 München, Germany. Tel: +49 (89) 92907-0, Fax: +49 (89) 92907-100, http://www.tria.de. Registration court München HRB 113466, VAT ID DE 180017238, Tax no. 802/40600, Managing director: Richard Hofbauer, Commercial management: Rosa Igl
Stupid question: How about having no swap partition at all and giving the box enough RAM? I couldn't think of a bullet-proof way of hiding the key for the encrypted partition. An option would be that you enter a password every time you boot the box, but that's most probably not what you want. Sebastian
-----Original Message----- From: Dirk Schreiner [mailto:Dirk.Schreiner@tria.de] Sent: Monday, 21 November 2005 10:18 To: Carlos E. R. Cc: SuSE Security List Subject: Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
> Hi Carlos, Carlos E. R. wrote:
> [...]
Hi Sebastian, Sebastian Kübeck wrote:
> Stupid question: How about having no swap partition at all and giving the box enough RAM?
This is possible, but has some performance hits. (You can use less RAM for HD caching.)
> I couldn't think of a bullet-proof way of hiding the key for the encrypted partition.
You do not need to store the key, because the key is only held in memory during runtime, and lost during shutdown. A new key is generated every boot time. Remember, swap space, like RAM, can be empty during booting.
> An option would be that you enter a password every time you boot the box, but that's most probably not what you want.
Right. Dirk [...]
Hi Dirk, Sebastian Kübeck wrote:
>> Stupid question: How about having no swap partition at all and giving the box enough RAM?
> This is possible, but has some performance hits. (You can use less RAM for HD caching.)
I was thinking of the TCO. Thinking of complicated ways to encrypt swap space seems to be way more expensive (and troublesome) than just adding more RAM.
>> I couldn't think of a bullet-proof way of hiding the key for the encrypted partition.
> You do not need to store the key, because the key is only held in memory during runtime, and lost during shutdown. A new key is generated every boot time. Remember, swap space, like RAM, can be empty during booting.
In practice, it doesn't matter if it's the key or something that decrypts the key (e.g. a password). If someone kidnaps the box, he/she will have access to the key as long as anything to get access to it is somewhere on the machine (HD, smartcard or USB stick or anything that is permanently attached to the box). You could delete the swap space during shutdown, but nobody can prevent the kidnapper from simply unplugging the box. Just some thoughts. I'm definitely no expert on this! Sebastian
On Monday 2005-11-21 at 12:04 +0100, Dirk Schreiner wrote:
>> I couldn't think of a bullet-proof way of hiding the key for the encrypted partition.
> You do not need to store the key, because the key is only held in memory during runtime, and lost during shutdown. A new key is generated every boot time.
And that's why I said that then you cannot suspend to disk. -- Cheers, Carlos Robinson
Sebastian Kübeck wrote:
> Stupid question: How about having no swap partition at all and giving the box enough RAM? I couldn't think of a bullet-proof way of hiding the key for the encrypted partition. An option would be that you enter a password every time you boot the box, but that's most probably not what you want.
If you want true security, that's the first thing you should start with. Every one of my boxes requires a BIOS password. Now I know that's not the kind of password you're talking about, but you really should secure your box from all possible avenues. Security works best in layers, like an onion. -- Until later, Geoffrey
On Monday 2005-11-21 at 10:17 +0100, Dirk Schreiner wrote:
>>> You might consider erasing the swap partition when powering off, using "/etc/init.d/halt.local" for the purpose. The performance while in use will be better, but halting will be much slower.
> Erasing is not a good idea. Too much can go wrong, and you will never find out.
Like...? The only thing I can think of is that it cannot erase for some reason.
[...]
>>> But on the other hand, you are leaving your information thief-readable whenever halt.local is not executed. If the system does not shut down cleanly, or the thief knows that he has to unplug the cable (remove the battery) instead of initing-6, he is done.
>> If the thief can get to my PC while running, I have bigger worries. He might be armed!
> So you shut down your system whenever going to the toilet. Or for a cup of coffee......
> I know of stolen laptops during working hours.
And I know of stolen motherboards from the inside of PCs. They took the insides and left the iron. With armed guards and entry control points on the premises. No, as I said, I don't worry about that. As I said, if they can get to my PC while running to do "bad things", having information readable is the least of my worries. They could be armed, kidnap me, and force me to tell the passwords and anything.
>> Yes. But I'm not that "paranoid".
> You should be! Or forget thinking about security.
No! Everything is a compromise. You decide what level of security you want and need. I don't need that much security. If I were working for a bank, or for defense, or a competitive investigation project, say, I'd be very paranoid. As I'm not, then I don't have to. I don't keep anything in my PC that a thief couldn't get otherwise. Bank accounts? He could steal my snail-mail instead, or search my desk and cupboards for papers.
>> As I use "suspend to disk", what worries me is that the password to the encrypted partitions is saved in clear in the swap partition - this is a pending problem. And encrypting the swap partition would not solve it, because then I could not suspend to disk, and also I fear that swapping would be much slower.
> Give it a try. On most systems you can switch over in running state. (And also back ;-) )
I do use suspend to disk every day; it works fine. Once I suspended during a kernel compile. No problem, when it awoke, it continued running. But if I used an encrypted swap partition, I could not suspend, because it would need the decryption password when awakening. The password needs to be manual, not automatic. And otherwise, my system would be much slower when thrashing or swapping. As I said, I'd be content with the password to my encrypted partition not being saved in the swap. That would satisfy my limited paranoia ;-) -- Cheers, Carlos Robinson
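Ariel's halt.local suggestion, Dirk's objection that "too much can go wrong, and you never will find out", and Carlos's "Like...?" all circle the same gap: a wipe that is fired and forgotten fails silently. The script below is an added example, written for this page and not code from any of the posters or from SuSE. It assumes a hypothetical swap partition path in SWAPDEV (a placeholder), overwrites the device with zeros so that the result can be verified by a plain read-back, and logs success or failure so a missed wipe is at least visible. The functions take the device path as a parameter, which is why they also work on an ordinary file for testing without root or a real partition. It shares the limitation the thread already names: it only runs on a clean shutdown, and a random-key encrypted swap makes it unnecessary because the key is simply discarded.

```shell
#!/bin/sh
# Hypothetical /etc/init.d/halt.local fragment (added example, not from the thread):
# wipe the swap device at shutdown AND verify the wipe, logging the outcome.
# SWAPDEV is an assumed placeholder; set it to your real swap partition.
SWAPDEV="${SWAPDEV:-/dev/sdXN}"

log() {
    # Send to syslog when logger exists; always echo to stderr so the console shows it.
    if command -v logger >/dev/null 2>&1; then logger -t halt.local "$*" 2>/dev/null || :; fi
    echo "halt.local: $*" >&2
}

device_size() {
    # Size in bytes. Block devices via blockdev; regular files via wc, so the
    # same functions can be exercised against a scratch file.
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

wipe_device() {
    # Overwrite the whole device with zeros. Returns non-zero if the write fails.
    size=$(device_size "$1") || return 1
    head -c "$size" /dev/zero > "$1" || return 1
    sync
}

verify_wiped() {
    # Read the device back; succeed only if every byte is zero.
    size=$(device_size "$1") || return 1
    nonzero=$(head -c "$size" "$1" | tr -d '\000' | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}

wipe_swap() {
    dev=$1
    # Deactivate swap first; on a real device the wipe must not proceed if this fails.
    if [ -b "$dev" ] && ! swapoff "$dev"; then
        log "WARNING: swapoff $dev failed, not wiping"
        return 1
    fi
    if wipe_device "$dev" && verify_wiped "$dev"; then
        log "swap $dev wiped and verified"
        # Re-create the swap signature so the next boot can activate it again.
        if [ -b "$dev" ]; then mkswap "$dev" >/dev/null 2>&1; fi
        return 0
    fi
    log "WARNING: swap $dev NOT wiped; sensitive pages may remain on disk"
    return 1
}

# Run only when invoked with --run, so sourcing the file for tests does nothing.
if [ "${1:-}" = "--run" ]; then
    wipe_swap "$SWAPDEV"
fi
```

The verification step is the point: if the overwrite is skipped or cut short, verify_wiped fails and a warning lands in syslog and on the console instead of nowhere. Zeros were chosen over /dev/urandom only because an all-zero device is trivial to check; a random overwrite needs a different verification strategy.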
Participants (4): Carlos E. R., Dirk Schreiner, Geoffrey, Sebastian Kübeck