Hi Dirk, Sebastian Kübeck wrote:
Stupid question: How about having no swap partition at all and giving the box enough RAM?
This is possible, but has some performance hits. (You can use less RAM for HD caching.) I was thinking of the TCO. Thinking of complicated ways to encrypt swap space seems to be way more expensive (and troublesome) than just adding more RAM.
I couldn't think of a bulletproof way of hiding the key for the encrypted partition.
You do not need to store the key, because the key is only held in memory during runtime and lost during shutdown. A new key is generated at every boot time. Remember, swap space, like RAM, can be empty during booting.
In practice, it doesn't matter if it's the key or something that decrypts the key (e.g. a password). If someone kidnaps the box, he/she will have access to the key as long as anything needed to get access to it is somewhere on the machine (HD, smartcard, USB stick or anything that is permanently attached to the box). You could delete the swap space during shutdown, but nobody can prevent the kidnapper from simply unplugging the box. Just some thoughts. I'm definitely no expert on this!
Sebastian
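The per-boot random key Dirk describes is what the "swap" entry in dm-crypt's crypttab(5) does on Linux; as an added example, not code from this thread, here are the two config lines that set it up plus a small audit function a defender can run over /etc/crypttab to flag swap entries whose key is a stored file instead of /dev/urandom. The partition path and mapping name are assumptions.

```shell
#!/bin/sh
# Added example: ephemeral-key encrypted swap via crypttab, plus an audit check.
# SWAP_DEV and the mapping name "cswap" are assumptions for illustration.

SWAP_DEV="/dev/sda3"   # assumed raw swap partition

# /etc/crypttab entry: the key is read from /dev/urandom on every boot, so
# nothing is ever stored; the "swap" option recreates the swap signature
# on the mapped device each boot (plain dm-crypt, no LUKS header).
crypttab_line() {
    printf '%s\n' "cswap ${SWAP_DEV} /dev/urandom swap,cipher=aes-xts-plain64,size=256"
}

# /etc/fstab entry: swap on the mapped device, never on the raw partition.
fstab_line() {
    printf '%s\n' "/dev/mapper/cswap none swap sw 0 0"
}

# Audit: read crypttab text on stdin; report every entry carrying the "swap"
# option whose key source is not /dev/urandom (i.e. a key that survives
# shutdown and could be taken with the box). Returns 0 if all swap entries
# are ephemeral, 1 otherwise.
audit_crypttab() {
    bad=0
    while read -r name dev key opts; do
        case "$name" in ''|'#'*) continue ;; esac          # blank/comment
        case ",$opts," in *,swap,*) ;; *) continue ;; esac  # non-swap entry
        if [ "$key" != "/dev/urandom" ]; then
            echo "non-ephemeral swap key: $name ($dev) -> $key"
            bad=1
        fi
    done
    return $bad
}
```

A random key rules out resume from hibernation, since the key that encrypted the image is gone after shutdown. Once power is cut the swap contents are unreadable to anyone, which covers the unplugging scenario, but the key is still in RAM while the machine runs.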