Re: [swsusp] encrypt suspend data for easy wiping

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 6 Jul 2005, Pavel Machek wrote:

Hi!

To prevent data gathering from swap after resume you can encrypt the
suspend image with a temporary key that is deleted on resume. Note
that the temporary key is stored unencrypted on disk while the system
is suspended... still it means that saved data are wiped from disk
during resume by simply overwritting the key.

hm, how useful is that?  swap can still contain sensitive userspace
stuff.

At least userspace has chance to mark *really* sensitive stuff as
unswappable. Unfortunately that does not work against swsusp :-(.

[BTW... I was thinking about just generating random key on swapon, and
using it, so that data in swap is garbage after reboot; no userspace
changes needed. What do you think?]

I (and many others) are doing it already in userspace. Don't you know about dm-crypt? I think the idea is described in its docs or wiki...

I also think that doing this in swapon is risky. Because nobody will guarantee you that random seed was restored before swapon and basing this random key only on boot time and (rather deterministic) irqs at boot is risky IMHO.

In userspace, init scripts should make sure that random seed is restored before using /dev/random for anything.


Grzegorz Kulewski
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux