Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD can encrypt swapspace

Posted by Nik on from the nothing-to-hide dept.

Continuing it's reputation for security, the OpenBSD kernel can now encrypt the contents of swap space, so that sensitive data can no longer be swapped to disk 'in clear', where it could survive reboots. The Blowfish cypher is used, as it is strong, fast, with a big key space. Obviously, there's a small speed penalty for this option. Note: The BSD section has been a little empty recently, due to illness. Thanks to all who enquired after me, I appreciate it :-)

9 of 41 comments (clear)

  1. Re:Why?? by Arandir · · Score: 2

    "But if root gets broken you're in trouble anyway."

    But root can get broken temporarily WITHOUT knowing the root password. Retrieving this off of the swap partition gives the cracker access anytime.

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  2. Re:Why?? by Arandir · · Score: 2

    Go found out a little bit more about security before you cast dispersions upon OpenBSD for being too paranoid in encrypting swap. I'll give you a hint: partitions are persistant.

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  3. Re:OpenBSD needs some help by limpdawg · · Score: 2

    The best place to send it would be bkimmel1@mac.com

    --

    Nascantur in Admiratione. (Let them be born in Wonder)

  4. Crypto Hardware by Bryan+Andersen · · Score: 2

    Now we just need someone Outside the US to design and make a PCI encryptor/decryptor board that supports blowfish. If I had the ability to program programible logic devices I'd think about doing this just for myself, but then I'm also in the US so if I did it, I couldn't easily post the design or export it. With current programible logic encryption rates over 1M bytes a second should be possible.

    Features that would be good. Write only key space. Space for a number of key sets. The OS can moderate who can use which key sets. It would use PCI bursting to transfer data to and from it. It would also need to handle common block chaining modes.

    I figure it could be done on one large FPGA or similar. It may require a bank of fast SRAM for buffer space, but I think it could be done without. The actual card size could be miniscule. No larger than the length of the PCI connector and about 40mm high. One could even support a number of different encryption/decryption methods. I'd like to see DES, Triple-DES, Blowfish, Two Fish, RSA and maybe a few others.

    1. Re:Crypto Hardware by Signail11 · · Score: 2

      It is quite obvious that you have little experience designing or implementing programable logic devices. 1Mb/sec is a *very* low target speed to shoot for if you're going to go to the bother of making a hardware encryption acceleration device. Blowfish is not especially well suited for hardware implementation; you need a 4K ROM to store the digits of pi and (this is the big one) 4K of RAM to store the key-dependent S-box. There are other ciphers that would be better uses of key space. Nonetheless, any decent implementation of a modern block cipher should be able to acheive at least 10 Mb/sec without pipelining or unreasonable use of chip space. With pipelining and appropiate interleaved encryption modes, (16x duplication of logic) I would think that 100 Mb/sec would not be an unreasonable goal, if not even significantly faster.

      Implementing RSA in hardware requires more finesse in that timing the carry-save delays and allocating space for multipliers becomes slightly trickier. The key operation is multi-precision modular exponentiation which can be done with general purpose hardware quite well. It doesn't make much sense to put in into a board devoted to symmetric algorithms.

    2. Re:Crypto Hardware by starman97 · · Score: 2

      You could use an Altera with onchip memory and a PCI controller as a single chip solution, or go with a
      PLX IOP480 which has an embedded PowerPC processor and an external memory bus. You could easily change your crypto program using one of these.
      I'm using a PLX9054 on a board with a PPC G3, they have really nice software support and DMA capability. I'll bet the G4 could really crunch some data with it's vector unit. 3x faster in Distributed Net numbers over G3 from what I've read.

      --
      Starman97@Gmail.com (bring it on spammers)
    3. Re:Crypto Hardware by phred · · Score: 2

      Speaking of Blowfish and block ciphers, Bruce Schneier has some very interesting comments on the convergence of stream and block ciphers in his newest monthly Crypto-Gram.

      -------

      --
      Bill Gates Is My Evil Twin.
  5. Re:Why?? by Bishop · · Score: 2

    I hate to spell it out, but the idea is this: Alice is useing a computer. The computer could be a laptop, a workstation, or a server. Eve wants to know what Alice is doing. Eve causes a system crash by pulling the plug or battery on the computer. Eve gains console access to the computer through theft or ligitemate access. Eve scans the contents of the swap file to see what Alice was doing.

    By using an encrypted swap file Alice makes it harder (maybe impossible) for Eve to perform this kind of attack. This type of attack is particularly effective against laptops as they are easy to steal. If I had a laptop that contained sensitive information I would want to use bath an encrypted filesystem and an encrypted swap file. Yes I would take a performance hit. However if the laptop is stolen I am out a few thousand dollars but my sensitive information is safe.

  6. Re:Why?? by Arandir · · Score: 2

    Then anyone who can get root access, even if only temporarily, can gain access to the swap file. And if you think gaining root access is impossible, it's time to wake up.

    Or maybe more than one person uses this computer. What is your lab mate with a boot floppy doing while you're at lunch?

    --
    A Government Is a Body of People, Usually Notably Ungoverned