Search:  
Gentoo Wiki

SWAP_ERASE_on_halt

This article is part of the Security series.

Introduction

This article used to describe how to have the contents of your swapfile erased each time you did a power down. However that isn't secure in any way unless you always power down your machine when away from it. It also had a number of bugs and the option has been removed.

A better choice is to look at the cryptographic options:

In particular see the section 5 where it explains how to use a different random key each time the machine is booted. If you do this then your swap will always look like random noise, and cannot have the contents examined should someone get hold of your disk no matter if you powered down normally or not.


NO LONGER SECURE

"New" exploit found which makes encrypted swap (or any encrypted hdd for that matter) very vulnerable. Unplug power without proper shutdown, quickly boot up with exploit kernel, dump contents of ram to disk, find key, get at data! See: http://citp.princeton.edu/memory/

See Also

HOWTO Encrypt the swap space using dm-crypt and baselayout

Retrieved from "http://www.gentoo-wiki.info/SWAP_ERASE_on_halt"

Last modified: Fri, 05 Sep 2008 20:46:00 +0000 Hits: 10,106