
Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

howtos:security:enabling_encrypted_swap [2013/01/23 01:51 (UTC)] – created nyteowl
howtos:security:enabling_encrypted_swap [2020/12/27 02:23 (UTC)] (current) – [Setting up Encrypted Swap] luks12
Line 2: Line 2:
 ====== Enabling Encrypted Swap ====== ====== Enabling Encrypted Swap ======
  
- 
-===== Introduction ===== 
  
 When available memory drops below a certain point, the Linux kernel will swap the contents of memory pages to swap space. When available memory drops below a certain point, the Linux kernel will swap the contents of memory pages to swap space.
Line 11: Line 9:
 ===== Setting up Encrypted Swap  ===== ===== Setting up Encrypted Swap  =====
  
-The following discussion will use several drive and partition designations. Be sure when implementing the procedures to adjust these to suit your own system.+<note important>The following discussion will use several drive and partition designations. Be sure when implementing the procedures to adjust these to suit your own system.</note>
  
-The first step required to encrypt the swap partition is to temporarily turn off swap. Close all unnecessary applications to free used memory and thereby discontinue the use of the swap space. While many applications can be configured to not use swap, this does not apply to the kernel. If the swap space is still being used, you will be unable to turn off swap.+The steps that follow can be used when initially setting up a system, or after a system is already running. If the latter, the first step required to encrypt the swap partition is to temporarily turn off swap. Close all unnecessary applications to free used memory and thereby discontinue the use of the swap space. While many applications can be configured to not use swap, this does not apply to the kernel. If the swap space is still being used, you will be unable to turn off swap.
  
 Though not necessary, perhaps the simplest approach is to boot the system into single user mode. This results in minimal services running and a single root shell. Though not necessary, perhaps the simplest approach is to boot the system into single user mode. This results in minimal services running and a single root shell.
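Review bot: In the rewritten first paragraph, "If the latter" covers only the running-system case, so a reader doing an initial setup is not told where to begin. Say explicitly that on a fresh install the swap-off step is skipped and the procedure starts at the overwrite step. The new <note important> would also be stronger if it said why the designations matter: the commands that follow write to /dev/sdaX and destroy whatever is on the partition named.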
Line 29: Line 27:
 '' # shred -v /dev/sdaX '' '' # shred -v /dev/sdaX ''
  
-Alternatiely, overwriting the space with random data from either /dev/random or /dev/urandom:+Alternatively, overwriting the space with random data from either /dev/random or /dev/urandom:
  
 '' # dd if=/dev/random of=/dev/sdaX bs=512 '' '' # dd if=/dev/random of=/dev/sdaX bs=512 ''
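Review bot: The corrected line is still a sentence fragment ("Alternatively, overwriting the space with random data from ...:") because it has no main verb. "Alternatively, overwrite the space with random data from either /dev/random or /dev/urandom:" fixes that. The device paths in this sentence are also left as plain text while the commands around it use '' markup; marking them the same way would keep the page consistent.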
Line 37: Line 35:
 '' # dd if=/dev/urandom of=/dev/sdaX bs=512 '' '' # dd if=/dev/urandom of=/dev/sdaX bs=512 ''
  
-Note: that /dev/urandom is not quite as secure however it is significantly faster than using /dev/random.+<note>Using /dev/urandom is not quite as securehowever it is significantly faster than using /dev/random.</note>
  
 The next step is to create a file, if it doesn't already exist, named crypttab in /etc. The specifics for crypttab can be found in the man page. The next step is to create a file, if it doesn't already exist, named crypttab in /etc. The specifics for crypttab can be found in the man page.
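Review bot: The added <note> line runs two words together ("securehowever"); it should read "not quite as secure; however, it is significantly faster". The note also carries over the unqualified claim that /dev/urandom is "not quite as secure" without saying in what respect that matters for a one-time overwrite of a swap partition, so either qualify the claim or keep only the speed remark.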
Line 72: Line 70:
  
 Original source: [[http://www.milner.ca/article/slackware-encrypted-swap | Slackware Encrypted Swap]] Original source: [[http://www.milner.ca/article/slackware-encrypted-swap | Slackware Encrypted Swap]]
-Originally written by [[wiki:user:nyteowl | W. D. Milner]] +Originally written by [[wiki:user:nyteowl | W. Dean Milner]] 
  
-{{tag>security encryption swap}}+{{tag>howtos security encryption swap}}