Subject: Re: questions about netbsd
To: None <port-i386@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: port-i386
Date: 02/09/2003 21:07:14
>> What attack scenario are you concerned about, such that you want
>> that feature?
> What's the use of an encrypted filesystem if you have no encrypted
> swap ?
...huh? It makes it harder for a putative attacker to get at your
data.
Getting data off an unencrypted filesystem borders on trivial.
Getting data off an unencrypted swap area is not nearly as trivial.
First, the data may not even be there; most machines have enough
filesystem space that it couldn't all fit into swap even if it tried,
which means that at least some, usually most, of the filesystem data
simply isn't there in swap. If it is there, finding it can be
difficult; telling whether it's the current version can verge on
impossible. It is most certainly harder than getting it off an
unencrypted filesystem.
Security is a matter of degree. It's harder to get data off a machine
with encrypted filesystem and unencrypted swap than a similar machine
with both unencrypted. (Both encrypted, of course, is harder yet. But
just because the middle one is weaker than the third doesn't make it no
better than the first.)
Of course, running with encrypted filesystem and unencrypted swap and
thinking you're as secure as the encryption on your filesystem is
dangerously close to deluding yourself. But that doesn't make
encrypted filesystems useless in the presence of unencrypted swap; it
just means that you have to know your system and its exposures to make
intelligent decisions about what it's safe to entrust to that system.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B