-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for all the helpful posts.
I think I will go with just using my Linux laptop for it. I can just encrypt the swap, it's not difficult, I've played with cryptoloop before. I didn't use it for swap, but it's identical. And while I'm at it, I'll just add a file-backed cryptoloop for a small encrypted partition, which imho is easier than using the vim plugin, although I will actually be using vim :). It's my favourite editor on Linux. In that respect I have an important question: it is correct that vim only makes a swapfile in the same directory, right? No cute extra files in /tmp? :) And yes, it's perfectly possible to run without swap at all under Linux. But crypting the swap is rather trivial and it can be a useful addition. Since Linux doesn't use the swap intensively on normal use, the performance penalty is low. Windows seems to me to have a habit of overusing the swap, and an en-/decryption on every use might incur quite some performance penalty. The usual recipe involves choosing a random key on startup which is only kept in memory, so on shutdown (controlled or forced) the contents of the swap are just garbage since not even the legitimate owner still has the key. Swap doesn't need to persist over reboot. In this respect I have a nice idea, if you're worried about the swap remaining readible to root later on during uptime (when it becomes hacked). After all, some boxes stay up for years, so the swap is never wiped on reboot. It might be a bit paranoid, but the procedure is so easy that I thought I should mention it. Instead of using 1 swapspace of 512 MiB (example), you set up two partitions of 512 MiB. You only use one, crypted. After you've done something you wish to hide, you enable the other crypted swap, and disable the original crypted swap /after that/. If you assume the key for the crypted device is lost this way, your original data is scrambled, and only active pages are transferred to the new swap when you disable the first swapspace. If you're afraid the kernel might have swapped the page containing the original key to the new swapspace, you "shred" the old swapspace, but I think chances are low: a driver that handles crypting to swap will not swap it's own key out, because how is it going to unswap it? It needs the key to decrypt the key. The driver is written to keep everything needed to access the swap in main memory. The only possibility is that it keeps a second copy of the key, but I think this is unlikely. And with this procedure, you always have a minimum of 512 MiB swap, unlike when you just disable and re-enable the swap. Alessandro Vesely talked about snooping in the memory space of the process. Yes, if your computer is compromised, all activity at that moment is also compromised. The thing with swapspace though, is that the plaintext remains on disk long after you've edited the file! - From the whole discussion I get the idea that it's not that sure that Windows respects a locked page in the sense as we're talking about it here. Hibernation though is not an issue. Obviously if you hibernate, all pages are written to disk. You simply shouldn't hibernate while editing a sensitive document. Anyway, after the previous messages I'm not convident enough Windows will keep my plaintext off of the disk, not even with LockNote mentioned by Zach Himsel. So I'll just accept the extra trouble of grabbing my laptop in case I need the file. I am confident enough that Linux with crypted swap and partition will keep it safe. I don't want my Windows partition containing the literal text "Password for root access to important machine: geheim". Maybe all of it is overkill for my security needs, but it's not that much trouble. I just remember that time when my FAT root directory was wrecked, and I recovered schoolwork by searching the whole partition for a rather unique phrase I remembered having used in the document :). Thanks all, Peter. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRkm4IPqr/97I5g4/AQLi2QP+NB2iRq4btjzmCx0HZk4k5zR7SHHnEgKK IxiLGT6Y+8pKO23pWaK4y1YfxTKN2c8e70Xxzlk2u4oEdh1xiYUZk4E6CxxEE2wx eSOxHV8sYQ2l2wkvcrGyJ6X5IP7JfRbguBEoWlmaVaiwKZArgUBbk+MGq4UJ8SXA xQCFSC/5U9M= =kbph -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
