Christoph Merk wrote:
u r thinking way too complicated. Take ur computer, open it, take the hard drive out, attache it to a working linux box and READ anything on the extra drive.
Sure that you can read it, the thing is to prevent you from understanding it or stealing sensitive information.
It's like taking a picture of your old system's memory after u turned the machine off. so, u don't need to watch a horror movie to be horrified. This is such a simple thing to do. I call that very horrifying... how about u.
Pretty naive. If you are using encrypted partitions, something that is used more and more on portable computers, you need to know the encryption-key to access the filesystem (ok, brut force might work if you have the time required). This measure is adecuate for several environments. But the privacy based on filesystem encryption is not so strong if you cannot control things that are made thief-readable beyond your control, which is the regular problem with swap space. Obviously, it is not 100% sure that anything sensitive is going to be on the swap space.... but that is not enough. In general you want to work the other way, you want to be 100% sure that there is no information thief-readable after the computer is turned off. After this, swap partition encryption becomes your friend. There are other more advanced ideas like puting steganography onto filesystems.... that means that you are hinding data in your filesystem in a way that it cannot be even detected that it is there. If you are interested, you can check for a definition @wikipedia You can try to patch the kernel and start hiding your data from http://www.ecn.org/crypto/soft/stegfs-1.1.4.tar.gz. There are a few papers/articles on this too. Maybe after encrypting all the filesystems of my computer (swap included) and hiding through steagnography relevant files I can feel a little safer when I leave home....don't you agree? ;-) Cheers. Ariel
regards, Chris
Geoffrey wrote:
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Friday 2005-11-18 at 02:26 +0100, miguel gmail wrote:
Sorry to break the thread... but, what's the point to encrypt the swap?
Thinking aloud [.....] a swap device might be readable by some users, while the system is running. Lets see, mine has permissions:
brw-rw---- 1 root disk 3, 9 2005-10-07 02:48 /dev/hda9
Actually, the swap is on the hard drive, thus I suspect that there may be data retained on it even after a reboot, although I'm not sure of this. I don't know if the kernel purges the swap on shutdown or reboot, but somehow I doubt that is the case.