encrypting SWAP by default
I see that some time ago someone released a version of Knoppix 3.2 that would among other things encrypt the swap drive (http://www.bouissou.net/knoppix-mib/doc-html/Knoppix-Mib.html). In the current version of Knoppix, is there an easy way to do this? I use an encrypted persistent home on a USB stick, but when I'm running on any box that has a swap partition, I know I'm leaving clear-text data behind.
Thanks
Dave_Bechtel
06-08-2006, 11:08 PM
--One way to do this is disable all type 82 partitions (swap) and comment them in /etc/fstab.
--Then create an encrypted filesystem, and also create a swapfile on that FS after mounting it:
[ insert cryptoloop instructions here ]
' mount blah /mnt/encrypted -odefaults,rw,noatime '
' cd /mnt/encrypted '
' time dd if=/dev/zero of=swapcrypt.swp bs=1M count=64 ' == Create 64MB zero-file
' chmod 700 swapcrypt.swp ' == Make sure only root can read it
' mkswap swapcrypt.swp ' == Make it into a swap area
' swapon swapcrypt.swp ' == Activate it
' swapon -s ' == Check it
--That said, see these links:
( Search for " Debian " on this page )
http://wiki.noreply.org/noreply/TheOnionRouter/OperationalSecurity
http://www.ussg.iu.edu/hypermail/linux/kernel/0108.0/1163.html
http://linuxfromscratch.org/pipermail/hints/2005-March/002819.html
http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml
--I'm pretty sure OpenBSD has encrypted swap, if not by default then at least as an option.
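Added example (not part of either post): a check of the end state the reply's steps aim for, namely that the only active swap is a file under the encrypted mount and that no swap line is still enabled in /etc/fstab. The /mnt/encrypted path comes from the reply; the sample /proc/swaps and fstab text is constructed, and the check assumes that mount point really is the encrypted filesystem.

```shell
#!/bin/sh
# Added example: audit swap against the setup described in the reply.
# /mnt/encrypted is the mount point used in the post; sample data is constructed.

# Read /proc/swaps-format text on stdin; print every active swap area that
# is NOT a swap file located under the encrypted mount point given as $1.
cleartext_swaps() {
    awk -v mnt="${1%/}/" '
        NR == 1 { next }                              # skip the header row
        $2 == "file" && index($1, mnt) == 1 { next }  # file on the encrypted FS
        { print $1 }                                  # partition, or file elsewhere
    '
}

# Read fstab-format text on stdin; print the device of every swap entry
# that is still enabled (its first field does not start with "#").
fstab_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }'
}

# Constructed sample: swap partition still active next to the new swap file.
SAMPLE_SWAPS_BEFORE='Filename                     Type       Size    Used  Priority
/dev/hda5                    partition  524280  0     -1
/mnt/encrypted/swapcrypt.swp file       65528   0     -2'

# Constructed sample: only the swap file on the encrypted filesystem is active.
SAMPLE_SWAPS_AFTER='Filename                     Type       Size    Used  Priority
/mnt/encrypted/swapcrypt.swp file       65528   0     -2'

# Constructed sample fstab: one swap line commented out, one forgotten.
SAMPLE_FSTAB='/dev/hda1 / ext3 defaults 0 1
#/dev/hda5 none swap sw 0 0
/dev/hdb2 none swap sw 0 0'

echo "before: $(printf '%s\n' "$SAMPLE_SWAPS_BEFORE" | cleartext_swaps /mnt/encrypted)"
echo "after:  $(printf '%s\n' "$SAMPLE_SWAPS_AFTER" | cleartext_swaps /mnt/encrypted)"
echo "fstab:  $(printf '%s\n' "$SAMPLE_FSTAB" | fstab_swap_entries)"
```

On a live system, feed the functions the real data: cleartext_swaps /mnt/encrypted < /proc/swaps and fstab_swap_entries < /etc/fstab.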