[Cryptography] encrypted swap (was: It's all K&R's fault)

Jonathan Thornburg jthorn at astro.indiana.edu
Tue Apr 22 16:10:05 EDT 2014


I wrote:
| For anyone who hasn't read them, the paper/slides describing OpenBSD's
| swap encryption (which has been turned *on* in the default install
| since ~2000) make interesting reading:
|   http://www.openbsd.org/papers/swapencrypt.pdf
|   http://www.openbsd.org/papers/swapencrypt-slides.pdf

On Mon, Apr 21, 2014 at 05:57:23PM -0400, Sandy Harris asked:
> Do we need swap on current systems? Both server and desktop
> boxes now have gigabytes of RAM and I suspect that phones
> and such do not have enough or fast enough storage to make
> swap very useful. Why not just use an OS that does not swap?

Now that RAM is relatively cheap, swap isn't needed anywhere near as
often as it was 10 or 20 or 30 years ago.  But some computer users
still find it useful to occasionally run workloads which swap, without
needing to provision correspondingly large physical memory (which would
go unused much of the time).

For example, the laptop on which I'm typing this message has 3GB of
physical memory, and most of the time I use considerably less than
that.  But every few months I need to (re)compile the latest revision
of some machine-generated C code for which the compiler needs 4-6 GB
of memory (that's *without* optimization).  Given some swap space,
this compile is as simple as typing 'gmake' and going to bed.  Without
swap, I'd probably need to get a new laptop, or I'd need to arrange an
account on a large-memory machine somewhere else (running the identical
OpenBSD version) and copy the code and .o files back and forth as
necessary.  So swap looks pretty attractive...

ciao,

-- 
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"

