[dm-crypt] Encrypt all partitions with dm-crypt

Heinz Diehl htd at fancy-poultry.org
Sat Sep 8 18:39:07 CEST 2012

On 08.09.2012, Arno Wagner wrote: 

> So? You miss the point: If swap can be securely encrypted
> independently, this decreases overall system complexity and
> hence increase security.

If swap is created on installation, encrypted with the same 
passphrase as the rest of the system, and just gets opened while
booting, it is clearly _less_ complex than having it created on every 
single (re)boot, incl. generating a new passphrase. 
You simply boot, enter the passphrase and you're done.

> For example, swap encryption done
> this way will not be subject to any problems with weak 
> passwords.

If you use weak passphrases, you have a substantial problem which goes
far beyond the fact of automatic swapspace generation/encryption on
boot vs. singe passphrase setup. Your whole system would be prone to
brute force / dictionary attacks. Assuming your swap passphrase is
randomly generated at boot-time, your swapspace would be secure, while
the rest is not. That makes no sense to me.
> And yes, it is possible that there are things in swap that
> cannot be found in the data partitions. Swap encryption 
> solves a different problem than data partition encryption.

You're right, I don't get the point. Really.
> That other encryption could be insecure on the system is
> immaterial, swap can (and should) be solved on its own.

Frankly, nobody would try to attack swap on a fully encrypted system
in the first place. If an attacker thinks it's worth the effort, where
would he/she think are most of the relevant data? I strongly guess it
would be the root and/or the home partition.

> And, as I have pointed out, there are reasons to want swap
> encryption even when noting else on the system is encrypted,
> so the independent approach needs to be engineered anyways.

I agree in this situation, just I don't understand why one would do
that when all the rest is unencrypted. It's more likely that the
various /tmp direcories will contain leaked sensitive data, or that 
sensitive data is dumped to disk under a crash or system fault. Even
the randomly generated passphrase could leak/be dumped, because the
root partition will be mounted before the swap is generated.

More information about the dm-crypt mailing list