[Cryptography] It's all K&R's fault
Bill Frantz
frantz at pwpconsult.com
Tue Apr 22 16:23:46 EDT 2014
I really don't understand any of the Unix systems (including
Linux). Can someone translate these items?
On 4/22/14 at 11:17 AM, gnu at toad.com (John Gilmore) wrote:
>>And encrypted swap is really the sweet spot for encryption
>>because all the key management problems just go away...
>
>You would think so, and so would I, but as usual in security software,
>we would be wrong. There are key management problems in making the
>swap partition usable by the BIOS, by subsequently booted copies of
>this OS or different OSes, etc:
>
>"Encrypted swap no longer mounted at bootup"
>https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875
I found that my swap device should be /dev/sda3 instead of /dev/sdb3.
So, just changing /etc/crypttab contents to
cryptswap1 /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
solved my problem.
I thought when Linux at least partitioned the disk, it wrote
swap as a particular partition type in the partition table. It
should have no problem finding that partition even if the
contents are unreadable garbage. It has no business trying to
read old swap -- that's what swap encryption is trying to prevent.
>"Reinstalling over a previous installation with encrypted swap
>displays a "Continue without swap" warning dialog"
>https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1066342
This one appears when the user tried to reinstall after having
an encrypted home directory. Why does that affect swap encryption?
>"encrypted swap reused from previous install when wiping and reinstalling"
>https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1097890
This bug writeup is Greek to me. :-)
>"Do not offer hibernate with encrypted swap"
>https://bugs.launchpad.net/ubuntu/+source/devicekit-power/+bug/423608
Not knowing the technical meaning of "suspend" and "hibernate",
I can make two guesses:
(1) Place the CPU in a very low power state and keep main
memory alive either by slow refresh -- DRAM or just stopping
the clock -- SRAM.
(2) Write the contents of main memory to disk and prepare
things so a restart will read it back and run the system again.
In case (1), there should be no problem. Case (2) produces
interesting design decisions.
Do we write the swap encryption key on the disk? Do we encrypt
it with a passphrase? Do we wipe the disk copy on restart which
may be difficult with some devices?
It appears that the developers were thinking along these lines:
The trick is to wrap swap, and all other partitions into a VG
which is put on an encrypted PV wholesale. So during boot,
the initramfs asks for a password for decrypting this PV,
which also works for resuming from hibernation.
but I have no idea what they are saying.
>"gnome-power-manager hibernates even when using encrypted swap"
>https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/722145
On my system, gnome-power-manager hibernates when idle by
default when on battery. Since my system uses encrypted swap,
this causes the machine to switch off without saving state.
Ideally, gnome-power-manager would know that swap was
encrypted and suspend to RAM instead of trying to hibernate.
Again my comments about key management above apply.
>Sigh...
Indeed John, you are correct. When you try to snapshot the
system to disk, you bring back key management problems. The
problems with re-install in the beginning of the list seem to be
a normal case of the complexity of Unix shooting itself in the foot.
I will note that if KeyKOS tried to encrypt its disk, it would
definitely have key management problems. KeyKOS does not have
swap in the sense of a virtual memory spill area. The whole disk
is virtual memory spill area, and kept for the life of the
system so it is also permanent memory.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"After all, if the conventional wisdom was
working, the
408-356-8506 | rate of systems being compromised would be
going down,
www.pwpconsult.com | wouldn't it?" -- Marcus Ranum
More information about the cryptography
mailing list