Results 1 to 5 of 5

Thread: eCryptFS and SWAP

  1. #1

    Cool eCryptFS and SWAP

    Hello. I have the little question... I use eCryptfs, tell me please, how can I avoid read data from swap? Is it possible? Thanks for you answer.

  2. #2
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,742

    Default Re: eCryptFS and SWAP

    Swap is a image of memory so is not encrypted by default since all in memory is unencrypted. Most people implement encryption though LVM containers since it is a single container that can hold multiple partition and encrypting it encrypts all in the container. Otherwise you need a different encryption for each partition

  3. #3
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,607
    Blog Entries
    3

    Default Re: eCryptFS and SWAP

    Quote Originally Posted by aleksejsmir View Post
    Hello. I have the little question... I use eCryptfs, tell me please, how can I avoid read data from swap? Is it possible? Thanks for you answer.
    If you have lots of memory, then swap is perhaps not used.

    Other than that, my best advice is to use encrypted swap. You can setup swap to be encryted with a random key (changes each time you boot). That way, you never need to provide the key during boot. However, hibernation won't work if you do that. Personally, I never hibernate, so that isn't a problem for me.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  4. #4

    Default Re: eCryptFS and SWAP

    Quote Originally Posted by nrickert View Post
    You can setup swap to be encryted with a random key (changes each time you boot). That way, you never need to provide the key during boot. .
    interesting... how to do it?

  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,607
    Blog Entries
    3

    Default Re: eCryptFS and SWAP

    Quote Originally Posted by aleksejsmir View Post
    interesting... how to do it?
    What's the output of
    Code:
    grep swap /etc/fstab
    Note that there is actually a command "ecryptfs-setup-swap" which supposedly does this for you. I'm not sure whether I would trust it, as I prefer to do things manually.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •