Swap encryption with cryptoloop? [solved]

orange_juice · Last edited by orange_juice on Thu Jun 22, 2006 9:18 pm; edited 2 times in total

Hallo!

My intention is to encrypt my swap device.

After some research, I came across this post where its author, Sachankara, reasons the encryption of a swap device as follows:

troymc · Guru Joined: 22 Mar 2006 Posts: 553

1) Yes

2) Yes

Boy, that was easy!

Another, often overlooked risk, is temporary files created in /tmp & /var/tmp. Particularly when applications terminate abnormally and don't get a chance to clean up after themselves. I use a small tmpfs filesystem for /tmp - it is very fast performance-wise and is destroyed every reboot. Then a use a large non-persistent encrypted filesystem for /var/tmp. This filesystem uses a random key every boot & is re-mkfs'd every boot.

troymc

slick · Bodhisattva Joined: 20 Apr 2003 Posts: 3495

troymc · Guru Joined: 22 Mar 2006 Posts: 553

orange_juice · Posted: Wed Jun 21, 2006 11:30 am Post subject:

I think I need to sum up! The following text sumarizes the "out of the box or portage" options to encrypt

1) swap
2) /tmp
3) /var/tmp

It also includes 3 questions regarding these issues.

1) About swap encryption:

a)

Code:

/dev/hda1 none swap sw,loop=/dev/loop7,encryption=AES128 0 0

Also the relevant kernel entry should be enabled:

Code:

Device Drivers --> Block Devices --> Cryptolop Support

b)

Code:

emerge sys-fs/cryptsetup

Disk cryptography with dm-crypt

(Which is probably not well linked because it cannot be found from http://www.gentoo.org/proj/en/hardened)

2) About /tmp encryption

a)

Code:

none /tmp tmpfs size= [void],nr_inodes= [void] 0 0

The [voids] should be filled according to RAM and SWAP sizes. However as stated in this forum and this gentoo-wiki article this method consumes quite a lot of RAM.

b)

Code:

emerge sys-fs/cryptsetup

3) About /var/tmp

Code:

emerge sys-fs/cryptsetup

Concluding, my questions are:

Question 1: Are the 2 mentioned methods of encrypting the swap partition equivalent?

Question 2: I have 1 GB RAM and 2GB swap memory. What could be the numbers used in the size and nr_nodes of the tmpfs entry?

Question 3: I feel that tmpfs is a rather complicated solution due to its heavy use of RAM and SWAP. According to the "Keep it simple" rule, would not it be better to use cryptsetup even in /tmp encryption?

Kind regards,
orange_juice

Reikinio · Posted: Wed Jun 21, 2006 6:29 pm Post subject:

orange_juice · Posted: Thu Jun 22, 2006 5:31 pm Post subject:

Thank you!

Therefore...

About the swap device:

Cryptoloop is not safe... and dm-script should be used instead.

About /tmp, /var/tmp

Browsing through the Howtos, relating to encryption, I see that it is quite a fuss! Is it worth to straggle for the encryption of those two directories? I have built a web server and I just need to keep this server reasonably safe. Is there a "security hole" if I did not encrypt those directories?

Kind regards,
orange_juice

Reikinio · Posted: Thu Jun 22, 2006 7:18 pm Post subject:

orange_juice · Posted: Thu Jun 22, 2006 9:00 pm Post subject:

Thank you for your answer.

Kind regards,
orange_juice

cpakkala · Apprentice Joined: 17 Dec 2004 Posts: 154

Is there any reason to encrypt /tmp explicitly if you are already using encrypted swap and /tmp is mounted on tmpfs? Seems to me that anything in /tmp that makes it to hard drive (via swapping) will be encrypted.

orange_juice · Posted: Wed Jan 10, 2007 11:45 am Post subject:

To be honest, I am not aware of the exact mechanisms that work in this situation. What I feel is that mounting tmp on tmpfs, although it is said that this is beneficial in expense of RAM, it is providing an adequate level of security for a user that needs to have a notion of safety as far as normal attacks and network situations are concerned.

Strikes to me that securing your network is like securing your car. You put wheel locks, alarms and special key locks, OK. All these protect you against people that will prefer to steal a more easily compromised car than yours. That is all about it. However, if your car "has" to be stolen it will be! I have heard of stories that such a car was parked at the end of a garage in a building, and the thiefs had to unlock the door of the garage, compromise two other vehicles in order to move them aside and they only took the third one paying extra attention not to damage anything!!! :roll:

So... I have decided not to be extremely extra paranoid about all these things that relate to special security because what I do is not included in its reason of existence. Of course, I am trying to be careful as a considerate netizen and dedicate my remaining effort in discovering new aspects of computers in my everyday use. Which means that my everyday activity does not need the extra precaution measures that "extra paranoid" security offers.

For people that are concerned about this extra step, I would recommend a more holistic solution which is selinux . Selinux, is trying to build a very secure system from its basis covering every possible aspect of security in a manner of a live secure and constantly developing -in terms of security- organism.

There is also openbsd and of course ipcop that can be used as further network-security implementations to your "have to do" step of Gentoo Security Handbook.

Kind regards,
orange_juice

woZa · Posted: Mon Mar 31, 2008 4:10 pm Post subject: