[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: storage privacy (was: Nice quiet, private, anonymous life??)
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: storage privacy (was: Nice quiet, private, anonymous life??)
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Tue, 04 Dec 2007 17:57:34 -0800
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 04 Dec 2007 20:57:46 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; bh=x2Hnob3PuOIHlYB/h9onp51zH0JZgDUxKFHrx4b2OEU=; b=uqvT1oEq2X21REL5VL2mzu/R/Gfc3IiuL6m5zVZqk4D8YdQ6NEs7cWIghLyYzCjyZp5OAU3Htb5MFdUYfT6VTM7NW5W0LDot5pIe08zZ1pb/V6952Ce0RSfoJrNyxRcns/+LYlwUWxgFuHaI+CoT9FCxCOqM1Ht9eEQq2qXbtDk=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=ldthmIYwLFtR9vFidWHvGzI6IbbJG6bbHcJp61I0G7KWTD6jfV13wnG9hwpwDDUFBwcI/VOehBUp/EUl0lix592eE0c1plJtH8GsXyFRG69djXkOs11AOYGSqw+DZVT2CDNBznq4gly5BK26NVHoKaitjm/Qsw5lQ6jkYad7phU=
- In-reply-to: <200712042214.lB4MEHpv028268@xxxxxxxxxxxxx>
- References: <200712042214.lB4MEHpv028268@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.9 (Windows/20071031)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Scott Bennett wrote:
(snip)
> I'm not a LINUX user, but I would be surprised if there were not some
> similar facility in LINUX, but I haven't the foggiest notion how one would get
> Windows XP to encrypt its swapping/paging file or even whether Windows XP has
> that capability.
(snip)
There are indeed facilities for ephemeral swap encryption in Linux; I've
actually done it by three different methods to date (you'll have to look
up the exact docs used, though):
* Loop-AES module in Fedora Core 4-6 (AES-256, CBC);
* Dm-crypt in Fedora 7 (AES-256, LRW);
* Persistent (passphrase-based) root filesystem encryption from
install-time, via Dm-crypt (AES-256, CBC:ESSIV-SHA256), and ephemeral
("random-key") swap area encryption via the same method (and identical
module, cipher, and mode-of-op), in Debian 4.0.
The first two were before installers included this kind of stuff
(AFAIK), and so I sort of hacked it together using some scripts I wrote;
in the third, the functionality had been integrated into the installer. =:oD
- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHVgWObgkxCAzYBCMRAtD/AJ9k8v9inAREHNkSLzEcf53KzZ3b7gCePOxE
pi54oGaCX5L5sMnoFmAmwlI=
=6LO7
-----END PGP SIGNATURE-----