Subject: Re: zero'd swap & encrypted swap
To: None <tech-kern@netbsd.org>
From: None <CaptnZilog@aol.com>
List: tech-kern
Date: 06/14/2001 14:20:31
>>
>> the risk of physical compromise is about the only reason to encrypt it, I
>> think (or zero it), because that thwarts the attempts to recover data
>
>I see you've never used a diskless workstation.
>
Even that doesn't seem to make much sense to me... So, if you are on a diskless workstation you encrypt swap, yet have your root filesystem mounted over unencrypted NFS? And *where* does it read your encrypted password from when you log on?
At this point, you may as well encrypt NFS traffic as a whole, since anything less would be useless. So what then is the point in encrypting swap, to re-encrypt it going back out on NFS?