Slashdot Mirror


Basics of Cryptographic Filesystems

mix_master_mike writes "Found a good article over at SecurityFocus: cryptographic filesystems: design and implementation. Nice piece on this level of security that isn't being used very effectively in the industry."


  1. encrypted swap space by TheSHAD0W · Score: 5, Interesting

    I know I'm going off on a tangent, but I think it's relevant... One of the big problems with PC security is swap space. Unencrypted data often finds its way onto the disk when memory space is swapped out. The simplest solution would be to just load the system up with a huge amount of RAM and disable swapping entirely, but that can get expensive.

    Are there any crypto schemes designed specifically for use on swap files and volumes? They'd need to be blazingly fast so as not to slow the machine down, but would also have to be strong enough to protect anything that gets dumped to the drive. Maybe a big (2 meg plus) hash table generated randomly on boot, with a few extra operations to keep block comparisons from working?

    1. Re:encrypted swap space by snowtigger · Score: 5, Informative

      Very good point.

      And that's why the swap space of OpenBSD is encrypted. Fortunately some programmers already thought of this =)
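
The idea discussed in the thread above (a random key created at boot, with identical pages not producing identical blocks on disk) as an added sketch; it is not part of the original comments and is not OpenBSD's implementation. The class and function names are hypothetical, and keyed BLAKE2b in counter mode stands in for whatever fast cipher a real kernel would use.

```python
import hashlib
import os

PAGE_SIZE = 4096  # bytes per swapped page (assumed)


class EphemeralSwap:
    """Toy model: swap pages encrypted under a key that lives only in RAM."""

    def __init__(self):
        self._key = os.urandom(32)  # fresh at every "boot", never stored on disk
        self._gen = {}              # slot -> write counter, kept in memory only
        self.disk = {}              # slot -> ciphertext, all that reaches the drive

    def _keystream(self, slot, gen):
        # Keyed BLAKE2b in counter mode is a stand-in for a real fast cipher.
        # Mixing in slot and write counter means a keystream is never reused.
        out = bytearray()
        for block in range(PAGE_SIZE // 64):
            msg = b"".join(n.to_bytes(8, "big") for n in (slot, gen, block))
            out += hashlib.blake2b(msg, key=self._key, digest_size=64).digest()
        return bytes(out)

    @staticmethod
    def _xor(a, b):
        return bytes(x ^ y for x, y in zip(a, b))

    def swap_out(self, slot, page):
        if len(page) != PAGE_SIZE:
            raise ValueError("page must be exactly PAGE_SIZE bytes")
        self._gen[slot] = self._gen.get(slot, 0) + 1
        self.disk[slot] = self._xor(page, self._keystream(slot, self._gen[slot]))

    def swap_in(self, slot):
        return self._xor(self.disk[slot], self._keystream(slot, self._gen[slot]))


def reboot_with_old_disk(old):
    """Model a reboot: same on-disk bytes and counters, but a new random key."""
    new = EphemeralSwap()
    new.disk, new._gen = dict(old.disk), dict(old._gen)
    return new


if __name__ == "__main__":
    swap = EphemeralSwap()
    page = b"constructed sample secret".ljust(PAGE_SIZE, b"\0")
    swap.swap_out(0, page)
    swap.swap_out(1, page)
    print("same page, different ciphertext:", swap.disk[0] != swap.disk[1])
    print("readable after reboot:", reboot_with_old_disk(swap).swap_in(0) == page)
```

The sketch provides confidentiality only; it does not detect tampering with the on-disk pages.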