[vox-tech] Which cipher to use?

Ryan vox-tech@lists.lugod.org
Tue, 4 Jun 2002 16:02:59 -0700


On Tuesday 04 June 2002 12:41 pm, Shawn P. Neugebauer wrote:
> On Monday 03 June 2002 10:25 pm, you wrote:
> [snip]
>
> > > > Why bother encrypting my swap? Lotsa passwords go in there in
> > > > plaintext, easily recoverable with a boot disk.
> > >
> > > Hrm, I'd argue that this isn't true.  Many applications specifically
> > > pin pages so they aren't swappable (I.e. ssh).  Not to mention a
> > > healthy linux box shouldn't be swapping bins out to disk while they are
> > > being actively used.  Have you ever found a password there?
> >
> > Yea, I grep'ed it for fragments of several passwords I use and found
> > them.
>
> I'm a little skeptical.  What size fragment?  Statistically, you may find
> an arbitrary sequence if it's short enough.  Did you actually try this
> after having booted with a boot disk?

I did it on an unused swap partition. My root password is over 12 chars long,
and it found it twice before I stopped it.

> In short, I think one has to be severely paranoid to want to pay the
> costs (performance, physical security, time, labor, risk of data
> loss--forgetting password--etc.) associated with this.  A cost/benefit
> analysis is called for.

No risk of data loss, (it's set up as a loopback device encrypted with a
random password, then a new swap filesystem is created on it) and the
performance loss isn't noticeable.
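
Added example, not part of the original post or thread: a way to audit a swap image for a known secret and to put a number on the "short fragments match by chance" objection raised above. The names `find_secret`, `expected_chance_hits` and `demo`, and the sample secret and buffer, are constructed for illustration; the chance estimate assumes uniformly random bytes.

```python
import io

def find_secret(stream, secret, chunk_size=1 << 20):
    """Return absolute byte offsets of every occurrence of `secret` in `stream`.

    Reads fixed-size chunks and carries the last len(secret)-1 bytes forward,
    so a match that straddles a chunk boundary is still found exactly once.
    """
    if not secret:
        raise ValueError("secret must not be empty")
    keep = len(secret) - 1
    tail, base, offsets = b"", 0, []   # base = absolute offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return offsets
        buf = tail + chunk
        pos = buf.find(secret)
        while pos != -1:
            offsets.append(base + pos)
            pos = buf.find(secret, pos + 1)
        tail = buf[-keep:] if keep else b""
        base += len(buf) - len(tail)

def expected_chance_hits(n_bytes, k):
    """Expected number of accidental matches of one fixed k-byte string in
    n_bytes of uniformly random data: (n - k + 1) / 256**k."""
    return max(n_bytes - k + 1, 0) / 256.0 ** k

def demo():
    # Constructed sample: a 4 KiB zero-filled "swap image" with a made-up
    # secret planted twice, once across the 1024-byte chunk boundary.
    secret = b"constructed-pw"
    image = bytearray(4096)
    for off in (1020, 3000):
        image[off:off + len(secret)] = secret
    return find_secret(io.BytesIO(bytes(image)), secret, chunk_size=1024)

if __name__ == "__main__":
    print("offsets:", demo())
    for k in (2, 4, 12):
        print(k, "bytes: expected chance hits in 1 GiB =",
              expected_chance_hits(2**30, k))
```

On a real system the stream would be an inactive swap device or an image of it opened in binary mode, and the secret is better read with `getpass` than passed as a command-line argument.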