[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Musings about on-disk encryption in Fedora Core



On Tue, 6 Jul 2004 03:00, "mike flyn org" <mike flyn org> wrote:
> > - encrypted swap
>
> This shouldn't be too hard.  There are a lot of scripts out there that do
> this.  The only issue is the timing of things.  Generally, encrypted swap
> needs to be initialized after the RNG entropy pool.  As mentioned before,
> this is probably a prerequisite to all of the other encryption features.

I agree, encrypted swap has to be the first step.  One advantage of it is that 
if things go badly wrong you won't lose data that's stored on disk (of course 
trashing process address space will result in some bad data being written to 
disk, but it will be small compared to the potential results of an encrypted 
file system going wrong).

We could probably release a FC test version with encrypted swap as a default 
and see how it goes.  It would be good to get some wide-spread testing of the 
kernel code for encrypted block devices...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]