Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261177AbTENPpT (ORCPT ); Wed, 14 May 2003 11:45:19 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261906AbTENPpT (ORCPT ); Wed, 14 May 2003 11:45:19 -0400 Received: from wohnheim.fh-wedel.de ([195.37.86.122]:37573 "EHLO wohnheim.fh-wedel.de") by vger.kernel.org with ESMTP id S261177AbTENPpQ (ORCPT ); Wed, 14 May 2003 11:45:16 -0400 Date: Wed, 14 May 2003 17:57:27 +0200 From: =?iso-8859-1?Q?J=F6rn?= Engel To: Ahmed Masud Cc: Yoav Weiss , Linux Kernel Mailing List Subject: Re: encrypted swap [was: The disappearing sys_call_table export.] Message-ID: <20030514155727.GA16093@wohnheim.fh-wedel.de> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.3.28i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1630 Lines: 43 On Wed, 14 May 2003 06:06:56 -0400, Ahmed Masud wrote: > On Wed, 14 May 2003, Yoav Weiss wrote: > > On Tue, 13 May 2003, Ahmed Masud wrote: > > > > Yes, it sounds like an interesting project. Check out openbsd's paper > > about this: http://www.openbsd.org/papers/swapencrypt.ps > > Thank you for this paper, it is a fun read. I do think however that a > few implementation differences should take place: > > 1. We should not enforce Rijndael as the only choice. > > 2. Every page should be encrypted iff it marked with some flag. This gives > a generic enough hook to create a swap_encrypt_policy type function to > determine whether it is desirable to encrypt a particular page or not. > > [...] Just browsed across the white paper, but this doesn't make a lot of sense to me. 1. Instead of cryptographic filesystems, you could just encrypt the block device. 2. The only reason not to do so it security. An attacker could use known-plaintext attacks, since some parts of the metadata can be reconstructed or guessed easily. 3. Instead of encrypted swap, you could just encrypt the block device. 4. The only reason reason not to do so is what? Sorry, beats me, I cannot see any reason. Is there a possible known-plaintext attack possible, that is not obvious to everyone, at least not to me? J?rn -- A defeated army first battles and then seeks victory. -- Sun Tzu - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/