eCryptFS and SWAP

Hello. I have a little question… I use eCryptfs. Tell me please, how can I prevent data from being read from swap? Is it possible? Thanks for your answer.

Swap is an image of memory, so it is not encrypted by default, since everything in memory is unencrypted. Most people implement encryption through LVM containers, since it is a single container that can hold multiple partitions, and encrypting it encrypts everything in the container. Otherwise you need a different encryption for each partition.

If you have lots of memory, then swap is perhaps not used.

Other than that, my best advice is to use encrypted swap. You can set up swap to be encrypted with a random key (changes each time you boot). That way, you never need to provide the key during boot. However, hibernation won’t work if you do that. Personally, I never hibernate, so that isn’t a problem for me.

Interesting… how to do it?

What’s the output of

grep swap /etc/fstab

Note that there is actually a command “ecryptfs-setup-swap” which supposedly does this for you. I’m not sure whether I would trust it, as I prefer to do things manually.
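
The random-key swap setup discussed in this thread, as an added example that is not part of any post: a check that reads an fstab and a crypttab and reports, for each swap entry, whether it is plaintext, mapped with a fresh random key per boot, or mapped with a fixed key. The function name `audit_swap`, the mapping name `cryptswap`, the device names and the sample file contents are all constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each swap entry in an fstab against a crypttab.
# Assumption: a swap entry that is not under /dev/mapper/ is plaintext.
audit_swap() {  # usage: audit_swap FSTAB CRYPTTAB
    # fstab fields: device mountpoint type options dump pass
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1" |
    while read -r dev; do
        case $dev in
            /dev/mapper/*) name=${dev#/dev/mapper/} ;;
            *) echo "$dev plaintext"; continue ;;
        esac
        # crypttab fields: name source keyfile options
        # Emit "keyfile ,opt1,opt2," so each option can be matched as ",opt,".
        entry=$(awk -v n="$name" '$1 == n { print $3 " ," $4 "," }' "$2")
        if [ -z "$entry" ]; then echo "$dev no-crypttab-entry"; continue; fi
        case $entry in
            "/dev/urandom "*,swap,*|"/dev/random "*,swap,*)
                v=random-key ;;                      # new key and mkswap each boot
            "/dev/urandom "*|"/dev/random "*)
                v=random-key-without-swap-option ;;  # never formatted as swap
            *)  v=fixed-key ;;                       # persistent key or passphrase
        esac
        echo "$dev $v"
    done
}

# Constructed sample files (not taken from the thread).
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
# constructed sample fstab
UUID=1111-aaaa         /     ext4  defaults  0 1
/dev/sda5              none  swap  sw        0 0
/dev/mapper/cryptswap  none  swap  sw        0 0
EOF
cat > "$tmp/crypttab" <<'EOF'
# constructed sample crypttab: key re-read from /dev/urandom at every boot
cryptswap  /dev/sda6  /dev/urandom  swap,cipher=aes-xts-plain64,size=256
EOF

audit_swap "$tmp/fstab" "$tmp/crypttab"
```

With a random key the source partition is reformatted as swap on every boot, so on a real system the crypttab source should be a stable identifier rather than a /dev/sdX name that can change between boots.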