Recently upgraded to Ubuntu 14 LTS from 12.04 and have run afoul of the dev/mapper/cryptswap1 bug that has rendered my swap partition unencrypted. (/home is OK) Otherwise, the swap functions as it should.
Being only an advanced Noob/low-level intermediate user, I’ve been reluctant to tackle this issue with a lot of commands and file edits suggested by others because I don’t know what irreversible damage I might accomplish. Lots of people have lots of suggestions and a lot more have dire warnings about what those suggestions might actually do. I’ve read many, many posts on this issue and am thoroughly immobilized by it all.
Since swap seems to work OK, I’m 90% inclined to dispense with encryption. But then I’m 10% concerned that should my computer be stolen (about a 10% chance), someone could glean some very private info from the unencrypted swap partition.
Encryption just appears to be one tool to secure private info should the unlikely scenario of computer theft occur (it’s a big desktop, not a little laptop). What other tools are available to prevent info theft?
Here’s where I need opinion, advice, and, I hope, solid info.
Would data be just as secure if, at the time of shutdown, I simply shut down the swap partition (with $swapoff -a) to move all of its contents to RAM memory, which would then be erased when the power supply goes cold? What’s the downside to that strategy? I have an 8GB swap partition and only 4 GB of physical memory, but my swappiness is set to 10 (and could be lower) and I normally don’t do a lot of memory-intensive activity. At shutdown, wouldn’t there usually be enough available memory to take on the swap partition? I would think that normally there would not be a lot of data in the swap and it would easily move out and be erased when I’m done for the day.
I wouldn't mind doing the manual swapoff at shutdown as an alternative to trying to force cryptswap onto my swap partition with a lot of tweaking that I don’t fully understand. As for a learning experience: I don’t really need that in my life right now. What I do need is a functioning computer with reasonable security.
Any comments, advice or ??
[ubuntu] An Alternative to Swap Encryption?
Aucun commentaire:
Enregistrer un commentaire