>> Also, I think we talked about adding loop-aes to hlfs a long time ago, >> and it was voted against because its a physical security thing... but >> with swap it's not. If someone has read access to the swap device >> (someone in the 'disc' group), they could find sensitive information. >> GnuPG can be configured not to use swap, but GnuPG is not the only >> package that handles passwords or private files. Can we vote again?
I'm voting for it, of course. HLFS should definitly encrypte his swap partition. It's a standard feature on OpenBSD :-) >I am all for encrypted swap, using dm_crypt... Well, dm-crypt should be good enough for the swap and is easier to implement. Loop-aes is still stronger, though. An other point is that loop-aes performs faster and it could be a better choice for the swap. Regards, -- Jerome Pinot http://ngc891.blogdns.net/ -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
