
Re: swap and live CD



On Sat, Nov 22, 2008 at 5:48 AM, Matej Kovacic <matej.kovacic@xxxxxxxxx> wrote:
> ...
> But the problem is, that Ubuntu uses swap partition of the host machine.

this isn't much of a problem if you use encrypted swap with an
ephemeral / one time key. power off the host (and wait for DRAM to
drain :) and you should be in good shape.

if data remanence attacks are in your threat model you've probably got
bigger concerns about porting your OS around random hardware though.

regarding using the USB for full OS/swap: the duty cycle of flash
memory is significantly less than disk platters. if you can make use
of disk swap safely it would probably be useful to do so.  booting
from read only ISO media also provides some integrity benefit.

(8.10 supports LVM+LUKS which can provide the encrypted swap without
the key management headaches eCryptfs avoids.  and both take advantage
of hardware crypto acceleration in kernel so those with VIA padlock
cores and other crypto offload won't even notice the overhead!)

my $0.02

best regards,
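
An added example, not part of the original message: a check a live session could run to see whether any active swap area sits outside a dm-crypt mapping, which is the situation described in the quoted question. The function names, the `DEV_TYPE_MAP` test hook and the sample device names are assumptions made for illustration; on a real system the device type comes from util-linux `lsblk`.

```sh
#!/bin/sh
# Added example: report active swap areas that are not on a dm-crypt mapping.

# Print the block-device type of $1 ("crypt" for a dm-crypt mapping).
# DEV_TYPE_MAP is a hypothetical test hook: space-separated "path=type"
# pairs used instead of querying the running system with lsblk.
dev_type() {
    if [ -n "${DEV_TYPE_MAP:-}" ]; then
        for pair in $DEV_TYPE_MAP; do
            [ "${pair%%=*}" = "$1" ] && { echo "${pair#*=}"; return 0; }
        done
        return 1
    fi
    lsblk -ndo TYPE "$1" 2>/dev/null
}

# Read /proc/swaps-format text on stdin and print every swap area that is
# not a block device of type "crypt". Swap files are always printed, since
# their protection depends on the filesystem underneath them.
plaintext_swaps() {
    while read -r name kind _rest; do
        [ -z "$name" ] && continue
        [ "$name" = "Filename" ] && continue      # header line
        if [ "$kind" = "partition" ] && [ "$(dev_type "$name")" = "crypt" ]; then
            continue
        fi
        echo "$name"
    done
    return 0
}

# Constructed sample: a host swap partition picked up by the live session,
# plus one swap area on a dm-crypt mapping.
SAMPLE_SWAPS='Filename                Type        Size     Used  Priority
/dev/sda5               partition   2097148  0     -2
/dev/mapper/cryptswap1  partition   1048572  0     -3'
SAMPLE_TYPES='/dev/sda5=part /dev/mapper/cryptswap1=crypt'

demo() {
    printf '%s\n' "$SAMPLE_SWAPS" | DEV_TYPE_MAP="$SAMPLE_TYPES" plaintext_swaps
}

echo "swap areas not on dm-crypt: $(demo)"
```

On a running system, `plaintext_swaps < /proc/swaps` does the same against the live swap list. A type of `crypt` only shows that the area is behind dm-crypt; whether its key is a one-time key depends on how the mapping was set up.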