This post was spawned from my own misconception that my swap partition contained no sensitive data on systems with a lot of RAM.
All of the systems I work with have at least 4GB of RAM, so my swap usage is usually under 2 megabytes. Why should I worry what’s in my swap partition?
Instead of going into it, just try it yourself. My swap partition is /dev/sda5. Run the command:
$ sudo strings /dev/sda5 | more
What came up was a ton of interesting data, from files I had looked at, print jobs, and bash scripts. So yes, even if you have enough RAM, your swap is still very vulnerable to storing a lot of data about you.
Good news is Ubuntu 9.10 / Karmic will have the option to encrypt swap, which is on the wiki.
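A follow-up check to the `strings` test above, as an added example that is not part of the original post: it reads the active swap areas in /proc/swaps format and lists the ones with no dm-crypt layer underneath, including swap that sits on LVM over LUKS. The function names and the script file name are hypothetical, and it assumes util-linux `lsblk` is installed.

```shell
#!/bin/sh
# Added example: list active swap areas that have no dm-crypt layer under them.

# dev_stack DEVICE -> one lsblk TYPE per line for DEVICE and every device it
# sits on (e.g. "lvm", "crypt", "part", "disk" for swap on LVM over LUKS).
dev_stack() {
    lsblk -slno TYPE "$1" 2>/dev/null
}

# unencrypted_swaps FILE -> FILE is in /proc/swaps format (a header line, then
# one swap area per line: path, type, size, used, priority).
unencrypted_swaps() {
    tail -n +2 "$1" | while read -r path kind _rest; do
        [ -n "$path" ] || continue
        case "$path" in
            /dev/zram*) continue ;;   # compressed RAM device, not a disk partition
        esac
        if [ "$kind" = "file" ]; then
            # A swap file is only as protected as the filesystem holding it.
            echo "$path (swap file: check the filesystem it lives on)"
        elif ! dev_stack "$path" | grep -qx crypt; then
            echo "$path"
        fi
    done
}

# Run against the live system only when asked to (file name is arbitrary):
#   sh swapcheck.sh --check
if [ "${1:-}" = "--check" ]; then
    unencrypted_swaps /proc/swaps
fi
```

Empty output means every listed swap partition has a dm-crypt mapping somewhere beneath it.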
#1 by molok on September 16, 2009 - 10:46 am
Remember that the swap contains a dump of your RAM when you use suspend-to-disk
#2 by vom on September 16, 2009 - 11:05 am
If you do an alternate install, encrypted swap has been there since (at least) intrepid, which is what I’m running. I have:
/boot – ext3
/ – luks/lvm crypto
swap – luks/lvm crypto
#3 by FireWave on September 16, 2009 - 11:36 am
Either, don’t forget that if you encrypted your SWAP, suspend-to-disk will be disabled!
#4 by Eric Hammond on September 16, 2009 - 4:28 pm
I used the alternate install CD to put Jaunty on my laptop and desktop with the encryption+LVM choice. It does everything beautifully including encrypting swap and hibernate (suspend to disk). You simply need to enter the passphrase when resuming.
#5 by Flimm on September 17, 2009 - 11:18 am
@Eric: Same here.
#6 by Richard on September 20, 2009 - 9:50 pm
Perhaps this is a good case for not running swap at all. There is a sizable minority that actively advocate that. It would be interesting to know the side effects of this setup.
#7 by Fe on October 20, 2009 - 1:30 pm
@eric/everyone:
How would you do that on an already installed system? (namely karmic koala)
I chose to encrypt home and the swap got encrypted too… No Hibernation :/