Musings about on-disk encryption in Fedora Core

Russell Coker russell at coker.com.au
Tue Jul 6 00:40:56 UTC 2004


On Tue, 6 Jul 2004 03:00, "mike at flyn.org" <mike at flyn.org> wrote:
> > - encrypted swap
>
> This shouldn't be too hard.  There are a lot of scripts out there that do
> this.  The only issue is the timing of things.  Generally, encrypted swap
> needs to be initialized after the RNG entropy pool.  As mentioned before,
> this is probably a prerequisite to all of the other encryption features.

I agree, encrypted swap has to be the first step.  One advantage of it is that 
if things go badly wrong you won't lose data that's stored on disk (of course 
trashing process address space will result in some bad data being written to 
disk, but it will be small compared to the potential results of an encrypted 
file system going wrong).

We could probably release a FC test version with encrypted swap as a default 
and see how it goes.  It would be good to get some widespread testing of the 
kernel code for encrypted block devices...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




