Stupid question: How about having no swap partition at all and giving the box enough RAM? I couldn't think of a bulletproof way of hiding the key for the encrypted partition. An option would be that you enter a password every time you boot the box, but that's most probably not what you want.

Sebastian

-----Original Message-----
From: Dirk Schreiner [mailto:Dirk.Schreiner@tria.de]
Sent: Monday, 21 November 2005 10:18
To: Carlos E. R.
Cc: SuSE Security List
Subject: Re: [suse-security] SlightlyOT: [was] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?

Hi Carlos,

Carlos E. R. wrote:
On 005-11-19 at 06:36 -0200, Ariel Sabiguero Yawelak wrote:
You might consider erasing the swap partition when powering off, using for the purpose "/etc/init.d/halt.local". The performance while in use will be better, but halting will be much slower.
Erasing is not a good idea. Too much can go wrong, and you never will find out. [...]
But on the other hand, you are leaving your information thief-readable whenever halt.local is not executed. If the system does not shut down clearly, or the thief knows that he has to unplug the cable (remove the battery) instead of initing-6, he is done.
If the thief can get to my PC while running, I have bigger worries. He might be armed!
So you shut down your system whenever going to the toilet. Or for a cup of coffee... I know of stolen laptops during working hours.
Yes. But I'm not that "paranoid".
You should be! Or forget thinking about security.
As I use "suspend to disk", what worries me is that the password to the encrypted partitions is saved in clear in the swap partition - this is a pending problem. And encrypting the swap partition would not solve it, because then I could not suspend to disk, and also I fear that swapping would be much slower.
Give it a try. On most systems you can switch over in running state. (And also back ;-) )

Dirk