On Sat, 5 Jan 2002, Matthew Sackman wrote:
> On Sat, Jan 05, 2002 at 10:59:23AM +0000, Jon Masters wrote:
> > [OT]
> >
> > I'm looking at using encrypted swap on a new box soon, anyone here doing
> > this? Usually I have to say I don't bother encrypting swap and rely on
> > sensitive stuff being mlock()ed :-)
>
> Um, quite what would be the point of this? Do you encrypt the contents of
> your RAM?
Huh? If someone nicks a machine using encrypted swap then it's harder for
them to recover any useful data from it. Said machine is to be used for
offsite secure backups which are already encrypted using various strong
crypto and stored on ext3 on LV groups on RAID 5 arrays.
Anyway, getting back to the point, I had a *pathetic* argument with a
bunch of guys at a company that I used to work for (which includes a now
good friend of mine...) over using encrypted swap on BSD boxen and why it
was probably pointless in the environment it is in. In this case things
are different since we do not host the machine ourselves and therefore I
wish to remain as paranoid as possible over anyone obtaining anything
useful from it should they gain direct access, or it is stolen.
So what's the point about encrypting RAM? Although I have had a few
discussions about the potential for extremely advanced equipment possibly
being able to recover some bits of data that were stored recently in a
machine, that is probably unlikely to exist for quite some time :-)
> If your machine is being used by other people then they will
> be able to read RAM and swap contents if they wish.
Explain.
Are you referring to the potential for rooting a box and then reading
memory, the potential for physical access, or something else? In any case,
I am the *only* person who has any kind of access to the box in question.
> Only if your machine is stolen whilst it is turned off does this kind
> of encryption make any difference - it's the same as using encrypted
> filesystems: has no bonus whilst the machine is in use as the OS has to
> be able to read and write to the medium. Or am I missing something?
The kernel locks any keys into memory and so they are not swapped out to
disk. This means that, yes, someone can obtain physical access while a
machine is running and obtain the key from memory; however, this is
expensive and unlikely, and more to the point I am more concerned with
ordinary Bill Gates (or Joe Bloggs) in the street having any ability to
access any useful data at all.
> > I'll just use remote syslogging for now I think - serial console should
> > log any future panics. I've installed the serial console now (well it's
> > there but I'm waiting on adding more serial ports to another box)
>
> Well yes - it probably is easier but only if you've got the hardware to do
> it with - I've never even seen a working serial console... :-(
Huh? I've got serial consoles at home in Reading in case
apogee.jonmasters.org goes down and needs re-configuration. Pity BT have
fucked up my backup dialin line but then that's why they owe us 500 quid.
All you need is a null modem cable and a kernel boot parameter (don't
forget lilo/grub configuration and also add a panic=5 to be sure).
Cheers,
--jcm
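Added editorial example, not part of the thread: the two pieces of setup discussed above (a kernel serial console with panic=5, and swap encrypted under a per-boot random key so nothing paged out survives a power-off) as configuration fragments for a current Debian-style Linux box with GRUB 2, LILO, dm-crypt and /etc/crypttab. The partition identifier is a placeholder, and the device names, baud rate and cipher are assumptions.

```conf
# /etc/default/grub (GRUB 2): put the kernel console on the first serial
# port as well as the VGA console, and reboot 5 s after a panic so a
# crashed box comes back without someone at the keyboard.
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 panic=5"
# Run update-grub afterwards. The last console= listed is the one that
# becomes /dev/console, so the panic text ends up on ttyS0.

# Equivalent for lilo.conf, if that is the boot loader in use:
#   serial=0,115200n8
#   append="console=tty0 console=ttyS0,115200n8 panic=5"

# /etc/crypttab: swap on dm-crypt, keyed from /dev/urandom at every boot.
# The key exists only in kernel memory and is never written anywhere, so a
# powered-off (or stolen) disk holds nothing recoverable from swap.
# Caveats: use a stable device path, because the "swap" option reformats
# the device each boot and a shifted /dev/sdX name would wipe a real
# filesystem; and hibernation (suspend-to-disk) cannot work with a key
# that is thrown away.
cryptswap  /dev/disk/by-partuuid/PLACEHOLDER-SWAP-PARTUUID  /dev/urandom  swap,cipher=aes-xts-plain64,size=256

# /etc/fstab: activate the mapped device, never the raw partition.
/dev/mapper/cryptswap  none  swap  sw  0  0
```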
This archive was generated by hypermail 2.1.3 : Sat 05 Jan 2002 - 22:29:18 GMT