Re: Unswappable memory needed in user space

Albert D. Cahalan (acahalan@cs.uml.edu)
Tue, 8 Dec 1998 20:22:02 -0500 (EST)


Richard B. Johnson writes:
> On Tue, 8 Dec 1998 christophe.leroy5@capway.com wrote:
>
>> I'm making a crypto program (under french law).
>> It crypts a file and then totally erases the uncrypted by
>> filling it with zero.
>
> This doesn't mean that the null-fill will actually get to the physical
> device. Further, filling with a known data-type will allow the data
> to be recovered by hardware means.

Random data won't do the job either. Erase patterns aren't much good.
We've been over this before I think: you must melt the drive.

>> My problem is that if the crypting process is swapped out during
>> crypting, one could be able to recover parts of uncrypted file
>> in swap partition.
>
> `man chmod` Only the owner of the swap-file can read it. This should
> not be a user. It should be root. If root isn't trusted, you need
> to find a non-unix OS for your application.

The concern is usually that a government agency will grab your hardware.
Like these: IRS, BATF, FBI, EPA, DEA, FDA, NRC, FCC, SEC, FDIC, OSHA...
After they grab it, the FBI or NSA puts your drive platters under a
weird and expensive microscope. They could grab hundreds of GB of
deleted files off of a normal 4.2 GB disk, no problem. Then they sift
through the data on a Beowulf cluster.

Militant political action groups like Greenpeace may have the help of
university researchers, so don't assume they can do the same.

There was once a patch for encrypted swap.

>> Is there a way to malloc a non swappable part of memory ?
>
> Just `swapoff -a`. Now the swapfile isn't used at all. Do your
> memory allocation in a conservative manner so you don't run
> out. In other words, allocate only the buffer size you need and
> deallocate them when they no longer contain data you are using.

Don't keep anything in RAM too long. The better funded agencies
can sometimes read old data out of your RAM, even after it loses
power. I suggest a grenade attached to the inside of the case,
assuming murder charges are the least of your worries.

BTW, you should be psychologically prepared to resist torture and
worse. There may be ways to make you talk.
