Re: encrypted swap(beating a dead horse)

From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: Wed Aug 08 2001 - 19:22:51 EST


David Maynor wrote:
>This is true, so the best thing for this, in my opinion, instead of
>throwing the crypto blanket over everything, scrub the swap when a process
>is terminated so when the machine is shut down, you won't have to clean the
>entire swap.

(If I'm repeating myself and you already knew this, I apologize.)

Scrubbing swap is a good idea, but it turns out it is much harder
to do right than you might think. In particular, data can survive
many erases, due to the physical properties of hard drives as well
as the properties of filesystems and hard drive caching.

It seems that the only way to have any assurance that you've reliably
deleted data is to ensure that it was only written in encrypted form
in the first place, and to securely erase the key when you're done
with the data and want to erase it.



This archive was generated by hypermail 2b29 : Wed Aug 15 2001 - 21:00:22 EST
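
Added example, not part of the original message or of any kernel code: a toy model of the point made above, comparing an overwrite-based scrub with swap that is only ever written encrypted under a key that is later erased. `RemappingDisk`, `EncryptedSwap`, the sample secret and the HMAC-SHA256 counter-mode keystream (a stand-in for a real block cipher) are all assumptions made for this illustration.

```python
import hashlib, hmac, os

PAGE = 64  # constructed page size, kept small for the demo

class RemappingDisk:
    """Toy disk: each overwrite lands on a fresh physical block and the old
    block stays readable to a raw scan (models remapped sectors and caches)."""
    def __init__(self):
        self.physical, self.mapping = [], {}
    def write(self, page, data):
        self.physical.append(bytes(data))
        self.mapping[page] = len(self.physical) - 1
    def read(self, page):
        return self.physical[self.mapping[page]]
    def raw_scan(self):
        return b"".join(self.physical)

def keystream_xor(key, nonce, data):
    """Stand-in cipher (assumption): HMAC-SHA256 in counter mode."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class EncryptedSwap:
    def __init__(self, disk):
        self.disk = disk
        self.key = bytearray(os.urandom(32))  # held in RAM only, never written
    def swap_out(self, page, data):
        nonce = os.urandom(16)  # fresh per write, so stale copies never share a keystream
        self.disk.write(page, nonce + keystream_xor(bytes(self.key), nonce, data))
    def swap_in(self, page):
        blob = self.disk.read(page)
        return keystream_xor(bytes(self.key), blob[:16], blob[16:])
    def destroy_key(self):
        self.key[:] = bytes(len(self.key))  # zero the bytearray in place

def demo():
    secret = b"passphrase=correct horse battery".ljust(PAGE, b"\0")  # constructed sample
    plain = RemappingDisk()
    plain.write(0, secret)
    plain.write(0, bytes(PAGE))  # "scrub" by overwriting the logical page
    enc_disk = RemappingDisk()
    swap = EncryptedSwap(enc_disk)
    swap.swap_out(0, secret)
    round_trip = swap.swap_in(0) == secret
    swap.destroy_key()
    marker = b"correct horse"
    return marker in plain.raw_scan(), marker in enc_disk.raw_scan(), round_trip
```

`demo()` returns whether the secret is still found on the scrubbed plaintext disk, whether it is found on the encrypted disk, and whether the encrypted page decrypted correctly before the key was erased. In Python the `bytes(self.key)` copies are not zeroed; a real implementation has to erase every copy of the key.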