From: Angelos D. Keromytis (angeloscis.upenn.edu)
Date: Mon Jun 04 2001 - 20:06:07 CDT

    In message <20010605004833.978B07B84berkshire.research.att.com>, "Steven M. Bellovin" writes:
    >
    >If you really want encrypted swap, and you want it with little effort,
    >use CFS and swap to a file. I ported CFS to NetBSD; you can find it
    >at your choice of

    There are three problems with this:
    a) performance (although I suspect this won't be *that* bad)
    b) usability: you'd have to have someone actually log in and type a
       passphrase before you can start swapping -- not always an option;
       you could cmkdir and cattach with random keys at boot time of
       course, but that goes back to your earlier point of having enough
       entropy when you boot
    c) deadlock: if the system ever needs to page out cfsd....

    An easier/quicker hack is adding encryption to vnd's (Niels also did
    that in OpenBSD, I recall the diff was about 200 lines long).

    The best solution of course is to have real encrypting block devices,
    but I think the discussion was about quick hacks.
    -Angelos