[dm-crypt] encrypted SWAP FAQ item

Arno Wagner arno at wagner.name
Thu Jul 11 17:44:14 CEST 2013


On Thu, Jul 11, 2013 at 11:24:22AM +0200, Jonas Meurer wrote:
> Heya,
> 
> Am 11.07.2013 08:53, schrieb Arno Wagner:
> > Dear all,
> > 
> > I just have added a mini-HOWOT on how to set up encrypted swap
> > in FAQ item 2.2:
> > http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
> > 
> > Proofreading and suggestions welcome. 
> 
> Good idea to add it to the FAQ. Thanks for maintaining this very
> valuable piece of documentation.

Thanks!
 
> But maybe you should more emphasize the fact that /etc/crypttab
> implementations are distro-specific. While I know for sure that options
> like swap and noearly are supported in Debian-based distributions, I'm

Well, if "swap" is not supported, then this will just fail. In
this case, the user will likely have to write his/her own
startup-script. Same with noearly, it will simply fail if the
device is not yet available because it needs LVM or RAID-assembly.

I will see about saying this clearer though.

> not sure about Redhat-based ones. Last time I looked, only a small
> subset of crypttab options that we've implemented in Debian were
> supported on Redhat-based systems.
> 
> Additionally, the following sentence looks wrong to me:
> 
> "Note: use /dev/random if you are paranoid or in a potential low-entropy
> situation (embedded system, etc.).".
> 
> Mainly in low-entropy situations /dev/random would cause the boot
> process to hang, right? So for these setups /dev/urandom actually is the

No. It hangs only in a "no entropy" situation. With "low entropy",
it merely takes long. In a "no entropy" situation, you cannot do 
secure encryption and should do without it or find some entropy.
Also note that a pre-seeded /dev/urandom is not a "low entropy"
situation. 
 
> better solution. Granted that one isn't paranoid ;)

Not "better", faster. But catastrophically worse with
regard to security. If you do not care about security
in swap it is better to not encrypt it in the first 
place. But if you encrypt, then it must be secure. 
Otherwise people will make wrong assumptions.

History has shown time and again that having no security in 
place makes (most) people careful, but having very weak security 
in place gives them a false sense of security, which is a lot 
worse. Hence do encryption right or do without it.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list