How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
Hello All, Can anyone tell me how to encrypt swap under SuSE 9.3? This is standard on Mac's and should be as well possible in 9.3. Regards and thnx for your help Chris PS: Sorry for writing in German on the first posting. Should not happen again ;-)
Can anyone tell me how to encrypt swap under SuSE 9.3? This is standard on Mac's and should be as well possible in 9.3.
On a SUSE 9.2 (default-kernel) system it was almost trivially easy to set up an encrypted swap, IIRC. You can try this for your 9.3: put an entry like

    /dev/hdXX swap swap sw,loop=/dev/loopNNN,encryption=AES256,pri=99 0 0

in your /etc/fstab. The "pri=..." part is optional, and you may select different algorithms for the "encryption=..." part (read the man pages for details). Replace "XX" with your designated swap device, and replace NNN with a number from 0-15 to select a loop device (0-15 loop devices seem to be standard in S92). I use loop 5 and 6, FWIW.

Check with lsmod if you have the AES (or your selected encryption) module running; I believe it wasn't even necessary to modprobe the module somewhere in /etc/init.d, but I am not sure about that now. (My lsmod output shows "aes_i586 .....")

Then, just run "swapoff -a" (just to be sure) and "swapon -a", and you're all set.

Get back to the list or to me if it doesn't work right away; my failing memory might be missing some minor step since it's been a while ...

HTH, Axel
PS: Sorry for writing in German on the first posting. Should not happen again ;-)
I hadn't even noticed: ik spreken deuts (sogar richtiges :-) ) (sorry for replying to Chris instead of the list the first time)
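Added example (not part of Axel's post or of the thread): a shell check that reads /etc/fstab-style text and reports, for each swap entry, whether it carries both the loop= and encryption= options from the entry above. The function names and the sample fstab are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit fstab text for swap entries missing the loop/encryption options.

# Constructed sample; /dev/hda5 uses the option string from the post above.
sample_fstab() {
    cat <<'EOF'
/dev/hda1  /     reiserfs  acl,user_xattr  1 1
# encrypted swap on loop 5
/dev/hda5  swap  swap  sw,loop=/dev/loop5,encryption=AES256,pri=99  0 0
/dev/hda9  swap  swap  pri=42  0 0
/dev/hdb2  swap  swap  sw,loop=/dev/loop6  0 0
EOF
}

# Reads fstab text on stdin. Prints one line per swap entry:
#   ENCRYPTED <device> <cipher> <loop device>   or   PLAINTEXT <device>
audit_swap_fstab() {
    while read -r dev mnt fstype opts _rest || [ -n "$dev" ]; do
        case "$dev" in ''|'#'*) continue ;; esac
        [ "$fstype" = "swap" ] || continue
        loop='' cipher=''
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case "$o" in
                loop=*)       loop=${o#loop=} ;;
                encryption=*) cipher=${o#encryption=} ;;
            esac
        done
        IFS=$old_ifs
        # Both options must be present; loop= alone names no cipher.
        if [ -n "$loop" ] && [ -n "$cipher" ]; then
            echo "ENCRYPTED $dev $cipher $loop"
        else
            echo "PLAINTEXT $dev"
        fi
    done
    return 0
}

# Exit status 0 only if no swap entry is left in plaintext.
swap_all_encrypted() {
    ! audit_swap_fstab | grep '^PLAINTEXT' >/dev/null
}

sample_fstab | audit_swap_fstab
```

On a real system, feed it the live file: audit_swap_fstab < /etc/fstab.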
Hi,
Can anyone tell me how to encrypt swap under SuSE 9.3? This is standard on Mac's and should be as well possible in 9.3.
On a SUSE 9.2 (default-kernel) system it was almost trivially easy to set up an encrypted swap, IIRC. You can try this for your 9.3:
Sorry to break the thread... but, what's the point to encrypt the swap? Thanks! -- Saludos, miguel
The Friday 2005-11-18 at 02:26 +0100, miguel gmail wrote:
Sorry to break the thread... but, what's the point to encrypt the swap?
Thinking aloud [.....] a swap device might be readable by some users, while the system is running. Let's see, mine has permissions:

    brw-rw---- 1 root disk 3, 9 2005-10-07 02:48 /dev/hda9

so someone in group "disk" could do it (users cannot read other users' memory, the kernel does not permit it).

Otherwise, someone with physical access to your PC might pull the plug at some inconvenient time, then use a rescue CD thing to read the swap partition, that being as I said an inconvenient time, might, for example, have the copy of an important document that was swapped out from memory.

Or [more thinking] when the system is suspended to swap, all memory is swapped out, and then accessible by the above method (although I don't know if a suspend to encrypted swap works). For instance, while suspended, a normal encrypted partition passphrase is saved in clear in the swap, and therefore, vulnerable.

Just some ideas... perhaps there is something more.

-- Cheers, Carlos Robinson
Carlos E. R. wrote:
The Friday 2005-11-18 at 02:26 +0100, miguel gmail wrote:
Sorry to break the thread... but, what's the point to encrypt the swap?
Thinking aloud [.....] a swap device might be readable by some users, while the system is running. Lets see, mine has permissions:
brw-rw---- 1 root disk 3, 9 2005-10-07 02:48 /dev/hda9
Actually, the swap is on the hard drive, thus I suspect that there may be data retained on it even after a reboot, although I'm not sure of this. I don't know if the kernel purges the swap on shutdown or reboot, but somehow I doubt that is the case. -- Until later, Geoffrey
u r thinking way too complicated. Take ur computer, open it, take the hard drive out, attach it to a working linux box and READ anything on the extra drive. It's like taking a picture of your old system's memory after u turned the machine off. so, u don't need to watch a horror movie to be horrified. This is such a simple thing to do. I call that very horrifying... how about u. regards, Chris
Christoph Merk wrote:
u r thinking way too complicated. Take ur computer, open it, take the hard drive out, attach it to a working linux box and READ anything on the extra drive.
Sure that you can read it, the thing is to prevent you from understanding it or stealing sensitive information.
It's like taking a picture of your old system's memory after u turned the machine off. so, u don't need to watch a horror movie to be horrified. This is such a simple thing to do. I call that very horrifying... how about u.
Pretty naive. If you are using encrypted partitions, something that is used more and more on portable computers, you need to know the encryption-key to access the filesystem (ok, brute force might work if you have the time required). This measure is adequate for several environments.

But the privacy based on filesystem encryption is not so strong if you cannot control things that are made thief-readable beyond your control, which is the regular problem with swap space. Obviously, it is not 100% sure that anything sensitive is going to be on the swap space.... but that is not enough. In general you want to work the other way, you want to be 100% sure that there is no information thief-readable after the computer is turned off. After this, swap partition encryption becomes your friend.

There are other more advanced ideas like putting steganography onto filesystems.... that means that you are hiding data in your filesystem in a way that it cannot be even detected that it is there. If you are interested, you can check for a definition @wikipedia. You can try to patch the kernel and start hiding your data from http://www.ecn.org/crypto/soft/stegfs-1.1.4.tar.gz. There are a few papers/articles on this too.

Maybe after encrypting all the filesystems of my computer (swap included) and hiding through steganography relevant files I can feel a little safer when I leave home....don't you agree? ;-)

Cheers. Ariel
The Friday 2005-11-18 at 13:23 -0200, Ariel Sabiguero Yawelak wrote:
But the privacy based on filesystem encryption is not so strong if you cannot control things that are made thief-readable beyond your control, which is the regular problem with swap space. Obviously, it is not 100% sure that anything sensitive is going to be on the swap space.... but that is not enough.
The passphrase of the encrypted partitions goes into swap space in clear when you suspend to disk. That is scary.
In general you want to work the other way, you want to be 100% sure that there is no information thief-readable after the computer is turned off. After this, swap partition encryption becomes your friend.
You might consider erasing the swap partition when powering off, using for the purpose "/etc/init.d/halt.local". The performance while in use will be better, but halting will be much slower.

-- Cheers, Carlos Robinson
Carlos E. R. wrote:
You might consider erasing the swap partition when powering off, using for the purpose "/etc/init.d/halt.local". The performance while in use will be better, but halting will be much slower.
Define erase. In reality, I suspect, you would have to overwrite it multiple times in order to insure data is no longer retrievable. It all depends on your level of paranoia. -- Until later, Geoffrey
The Sunday 2005-11-20 at 07:46 -0500, Geoffrey wrote:
You might consider erasing the swap partition when powering off, using for the purpose "/etc/init.d/halt.local". The performance while in use will be better, but halting will be much slower.
Define erase. In reality, I suspect, you would have to overwrite it multiple times in order to insure data is no longer retrievable. It all depends on your level of paranoia.
Yes, of course, I meant overwriting. There is no filesystem in swap, a fast erase as in the filesystem has no meaning, it is impossible, and in the security context we are talking about, senseless. But overwrite a single time, maybe with a random pattern. If a thief is so interested in my data and has the means to unerase overwritten data, then he is really BIG and has the means to get them anyway, like installing a bug in my machine or whatever.

-- Cheers, Carlos Robinson
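Added example (not part of the thread): one way to do the single random overwrite of plain swap partitions described above, meant to be called from /etc/init.d/halt.local. The function names and the "--wipe" argument are hypothetical; the mkswap step is an addition, needed because the overwrite also destroys the swap signature.

```sh
#!/bin/sh
# Added example: overwrite swap partitions once with random data at halt.

# Reads /proc/swaps-style text on stdin, prints the device of each swap partition.
active_swap_devices() {
    while read -r name type _rest; do
        [ "$type" = "partition" ] && echo "$name"
    done
    return 0
}

# Overwrites a block device (or a regular file, for testing) once with random
# bytes without changing its size.
overwrite_once() {
    target=$1
    size=$(blockdev --getsize64 "$target" 2>/dev/null) || size=$(wc -c < "$target")
    size=$((size + 0))
    head -c "$size" /dev/urandom | dd of="$target" bs=4096 conv=notrunc 2>/dev/null
}

wipe_all_swap() {
    # Remember the devices before swapoff empties /proc/swaps.
    devices=$(active_swap_devices < /proc/swaps)
    # Stop swapping first so nothing is written behind the wipe.
    swapoff -a || return 1
    for dev in $devices; do
        # The overwrite destroys the swap signature; mkswap restores it so that
        # "swapon -a" works again at the next boot.
        overwrite_once "$dev" && mkswap "$dev" >/dev/null
    done
}

# Only act when explicitly asked to, e.g. called with "--wipe" from halt.local.
if [ "${1:-}" = "--wipe" ]; then
    wipe_all_swap
fi
```

If /etc/fstab refers to swap by label or UUID rather than by device name, give mkswap the same label or UUID so the entry still matches after the wipe.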
Christoph Merk wrote:
u r thinking way too complicated. Take ur computer, open it, take the hard drive out, attach it to a working linux box and READ anything on the extra drive.
Not if the filesystems are encrypted, which is possible.
It's like taking a picture of your old system's memory after u turned the machine off.
I'm quite familiar with how the OS works.
so, u don't need to watch a horror movie to be horrified. This is such a simple thing to do. I call that very horrifying... how about u. regards,
You're thinking too simply. I for one do encrypt any data that I want to protect. I assure you, without the assistance of a Federal 3 letter organization, you could not retrieve any data from my travelling laptop. If you're foolish enough to permit a powered down computer into the hands of someone who intends to do you harm, then you're not thinking smart, which is not complicated... -- Until later, Geoffrey
Howdy, Conspiracy Enthusiasts! On Thursday 17 November 2005 17:26, miguel gmail wrote:
...
Sorry to break the thread... but, what's the point to encrypt the swap?
Space aliens live in our systems' disk controllers and will steal your precious data and send it to our soon-to-be overlords from Tau Ceti 5.
... Saludos, miguel
RRS
'cause all our precious passwd's and line-inputs r stored here legible for anyone who opens our box! It's an open invitation 2 any1. It's basically the drawer where u left all our passwds and infos where u thought no1 cud read 'em..... is that reason enough? thnx & have a great crypted day! c :-)
Hi Christoph, first, it's a good thing to encrypt swap. Cause you never know what is swapped out. There was an Article about this in Linux-magazine some time ago. (Sorry, you gotta search on your own. ;-( )

The way was to format swap every boottime with a new generated encryption Key and store the key only in the Kernel. So, after shutdown, decryption of swap is impossible.

Do not store the Key anywhere unencrypted. Use a howto encrypt Filesystems HOWTO.

And don't use suspend to harddisk ;-))

Dirk
The Friday 2005-11-18 at 11:18 +0100, Dirk Schreiner wrote:
The way was to format swap every boottime with a new generated encryption Key and store the key only in the Kernel.
How about in-use speed?
And don't use suspend to harddisk ;-))
Too bad :-(

-- Cheers, Carlos Robinson
Hi Carlos, Carlos E. R. wrote:
The Friday 2005-11-18 at 11:18 +0100, Dirk Schreiner wrote:
The way was to format swap every boottime with a new generated encryption Key and store the key only in the Kernel.
How about in-use speed?
Security is costly SCNR. But as you can use symmetric encryption, it is not too costly. Just Think swap is 100 Times slower than Ram. So slowing down swap a little would not have too much Effect overall. And don't forget, normally the most swap actions are done during Idle time. Just compare, if it fits for you.
And don't use suspend to harddisk ;-))
Too bad :-(
Aehm Linux _is_ wonderful ;-) http://www.suspend2.net/features But anyway, maybe it is easier to shutdown, and reboot, than typing in a long and secure passphrase during boot. Do you have a smartcard reader ? Greetings, Dirk
I have not really been following this conversation so please forgive me if this reply is not appropriate. What about installing your swap partitions on a USB memory stick. Would that work? You could take the drive out when the machine is not in use. HTH - Keith Roberts
I have not really been following this conversation so please forgive me if this reply is not appropriate.
What about installing your swap partitions on a USB memory stick. Would that work? You could take the drive out when the machine is not in use.
Yes it would work, but system performance will be much worse. And I think it is useless, because the system will probably crash very hard if you remove parts of its virtual memory. I also haven't read the whole conversation, but how about buying another gig of RAM and disable swap at all? Huh? Markus
suse@karsites.net wrote:
I have not really been following this conversation so please forgive me if this reply is not appropriate.
What about installing your swap partitions on a USB memory stick. Would that work? You could take the drive out when the machine is not in use.
yes, but much slower than a resident drive. -- Until later, Geoffrey