Subject: Re: questions about netbsd
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Paul de Weerd <paul@mail.me.maar.nu>
List: port-i386
Date: 02/10/2003 12:38:50
On Sun, Feb 09, 2003 at 09:07:14PM -0500, der Mouse wrote:
| >> What attack scenario are you concerned about, such that you want
| >> that feature?
| > What's the use of an encrypted filesystem if you have no encrypted
| > swap ?

<SNIP>

| Of course, running with encrypted filesystem and unencrypted swap and
| thinking you're as secure as the encryption on your filesystem is
| dangerously close to deluding yourself.  But that doesn't make
| encrypted filesystems useless in the presence of unencrypted swap; it
| just means that you have to know your system and its exposures to make
| intelligent decisions about what it's safe to entrust to that system.

Very true indeed. I meant my question as a reminder that having an
encrypted filesystem with 'normal' swap could still result in data
originating from the encrypted filesystem being read by an attacker. 

What if the encryption key used to encrypt your cgd device is stored
in unencrypted swap ?

I'm not saying encrypted fs's are useless without encrypted swap, just
that there is the point you made - don't delude yourself into thinking
you're unltimately secure with cgd and unencrypted swap.

Sorry for the confusion ;)

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/