Subject: Re: questions about netbsd
To: David Maxwell <david@vex.net>
From: Paul de Weerd <paul@mail.me.maar.nu>
List: port-i386
Date: 02/10/2003 02:25:13
On Sun, Feb 09, 2003 at 06:59:11PM -0500, David Maxwell wrote:
| > Another question: Can i encrypt the swap space on netbsd?
| 
| Not by flipping a switch on your swapspace, but yes, by swapping to a
| file on an encypted filesystem, for example.

I would prefer a native encryption in such cases. Swapping to a file
sounds like more overhead (although I could be mistaken).

| What attack scenario are you concerned about, such that you want that
| feature?

What's the use of an encrypted filesystem if you have no encrypted
swap ?

Please see http://www.openbsd.org/papers/swapencrypt.ps for more
information on swap encryption and it's implementation in OpenBSD.

Cheers,

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/