# Swap encryption with cryptoloop? [solved]

## orange_juice

Hallo!

My intention is to encrypt my swap device.

After some research, I came across this post where its author, Sachankara, reasons the encryption of a swap device as follows:

 *Sachankara wrote:*   

> Why encrypted swap devices?
> 
> Every time you log onto your computer the password is sent to PAM (Pluggable Authentication Module), which in turn encodes the password using a special algorithm. The encoded password is then compared to other pre-encoded passwords in a hidden database, and if it's a match - grants you the access to your user. And here lies the problem: PAM stores the password in plain text in the memory. Although the password is quite (very) safe within the memory, it can turn into a huge security problem if the memory residing the password(s) is cached to the swap device. An unauthorized user can then scan the swap devices for available passwords and, in worst case, gain full access to your system. This is something we don't want (don't we?).

 

This post was started in January 2005, and since then it has provided a script that is periodically updated and caters for the encryption of the swap device.

One year and a half later... another author, slick, posted the following message:

 *slick wrote:*   

> I simply use this out of the box:
> 
> /etc/fstab
> 
> Code:
> ...

 

Indeed, "man swapon" reads:

```
If loop=/dev/loop?  and encryption=AES128 options are  present  in
       /etc/fstab  then  swapon  -a will set up loop devices using random
       keys, run mkswap on them, and enable encrypted swap  on  specified
       loop  devices.  Encrypted  loop  devices are set up with page size
       offset so that unencrypted swap signatures on first page  of  swap
       devices  are  not  touched.   swapoff  -a will tear down such loop
       devices.
```

I have the following questions: 

1) Can the swap device become a security breach that might reveal important information, even the root password, to an intruder?

2) Is it really so simple and effective to encrypt the swap device through /etc/fstab? 

Kind regards,

orange_juice

Last edited by orange_juice on Thu Jun 22, 2006 9:18 pm; edited 2 times in total

----------

## troymc

1) Yes

2) Yes

Boy, that was easy!

Another, often overlooked risk, is temporary files created in /tmp & /var/tmp. Particularly when applications terminate abnormally and don't get a chance to clean up after themselves. I use a small tmpfs filesystem for /tmp - it is very fast performance-wise and is destroyed every reboot. Then I use a large non-persistent encrypted filesystem for /var/tmp. This filesystem uses a random key every boot & is re-mkfs'd every boot.

troymc

----------

## slick

 *troymc wrote:*   

> ...Then I use a large non-persistent encrypted filesystem for /var/tmp. This filesystem uses a random key every boot & is re-mkfs'd every boot...

 

Is the following in /etc/fstab a good way? I think tmpfs is really fast, and if it is using the swap it will be encrypted. But be sure the swap partition or your RAM is enough, like 2G.

```
/dev/hda1 none swap sw,loop=/dev/loop7,encryption=AES128 0 0
none /var/tmp   tmpfs  nr_inodes=1M         0 0
none /tmp   tmpfs  nr_inodes=1M         0 0
```

----------

## troymc

 *slick wrote:*   

> ```
> /dev/hda1 none swap sw,loop=/dev/loop7,encryption=AES128 0 0
> ...
> ```

 

A couple of points:

   1) Do you really think you'll need 1 million files/dirs in /tmp?  I'd probably start with 1k and up the number from there as needed.

   2) Always specify a size= parameter, too. This will keep you from running out of memory if you create huge files in /tmp.

   3) Don't use tmpfs for /var/tmp unless you have huge amounts of memory/swap. This is where large compilations take place (OpenOffice will eat 1Gig easy). I use a non-persistent encrypted filesystem configured in /etc/conf.d/cryptfs. Read here for more details (I encrypt /var/tmp the way they talk about encrypting /tmp).

troymc

----------

## orange_juice

I think I need to sum up! The following text summarizes the "out of the box or portage" options to encrypt

1) swap 

2) /tmp 

3) /var/tmp 

It also includes 3 questions regarding these issues.

1) About swap encryption:

a) The first option is to use the following line in /etc/fstab

```
/dev/hda1 none swap sw,loop=/dev/loop7,encryption=AES128 0 0
```

 Also the relevant kernel entry should be enabled: 

```
Device Drivers --> Block Devices --> Cryptoloop Support
```

b) The second option is to use 

```
emerge sys-fs/cryptsetup
```

... as described in the article Disk cryptography with dm-crypt from the Gentoo Hardened Project 

(Which is probably not well linked because it cannot be found from http://www.gentoo.org/proj/en/hardened)

2) About /tmp encryption

a) The first option is to use tmpfs. The relevant fstab line will be as follows

```
none /tmp   tmpfs  size= [void],nr_inodes= [void]         0 0
```

The [voids] should be filled according to RAM and SWAP sizes. However as stated in this forum and  this gentoo-wiki article this method consumes quite a lot of RAM. 

b) The second option is to use 

```
emerge sys-fs/cryptsetup
```

3) About /var/tmp

The only reasonable option seems that of using 

```
emerge sys-fs/cryptsetup
```

Concluding, my questions are:

Question 1: Are the 2 mentioned methods of encrypting the swap partition equivalent?

Question 2: I have 1 GB RAM and 2 GB swap memory. What could be the numbers used in the size and nr_inodes of the tmpfs entry?

Question 3: I feel that tmpfs is a rather complicated solution due to its heavy use of RAM and SWAP. According to the "Keep it simple" rule, would it not be better to use cryptsetup even in /tmp encryption?

Kind regards,

orange_juice

----------

## Reikinio

 *orange_juice wrote:*   

> 
> 
> (...)
> 
> ... as described in the article Disk cryptography with dm-crypt from the Gentoo Hardened Project 
> ...

 

 Disk cryptography with dm-crypt is unfinished and outdated, that's probably why it's not well linked, all you need to learn from it can be learned by reading cryptfs.example that ships with cryptsetup||cryptsetup-luks package. 

1) No, the first method uses cryptoloop, and the second one uses dm-crypt. 

If I were you I'd use dm-crypt instead, if you want to use cryptoloop, read at least  this first.
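
The checks discussed in this thread (cryptoloop versus dm-crypt swap, troymc's three tmpfs points) can be run mechanically over an fstab. The following is an added example, not code from any poster: the sample lines are constructed from the entries posted above, `/dev/hda2` and `/dev/mapper/crypt-swap` are made-up devices, `INODE_WARN` is an assumed threshold, and treating a `/dev/mapper/` swap device as encrypted is only a heuristic.

```python
# Added example: audit fstab text for the points raised in this thread.
# SAMPLE_FSTAB is constructed; /dev/hda2 and /dev/mapper/crypt-swap are made up.
SAMPLE_FSTAB = """\
# <fs> <mountpoint> <type> <opts> <dump> <pass>
/dev/hda1 none swap sw,loop=/dev/loop7,encryption=AES128 0 0
/dev/hda2 none swap sw 0 0
/dev/mapper/crypt-swap none swap sw 0 0
none /var/tmp tmpfs nr_inodes=1M 0 0
none /tmp tmpfs size=512M,nr_inodes=1k 0 0
"""
SUFFIX = {"k": 2**10, "m": 2**20, "g": 2**30}  # suffixes tmpfs accepts
INODE_WARN = 100_000  # assumed threshold for "far more inodes than needed"

def parse_opts(field):
    """Turn 'sw,loop=/dev/loop7' into {'sw': '', 'loop': '/dev/loop7'}."""
    return dict((item.partition("=")[0], item.partition("=")[2])
                for item in field.split(","))

def parse_count(value):
    """Convert '1M' or '1k' to an integer."""
    unit = value[-1:].lower()
    return int(value[:-1]) * SUFFIX[unit] if unit in SUFFIX else int(value)

def audit_fstab(text):
    """Return (target, finding) tuples for swap and tmpfs entries."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        device, mountpoint, fstype = fields[:3]
        opts = parse_opts(fields[3])
        if fstype == "swap":
            if "loop" in opts and "encryption" in opts:
                findings.append((device, "cryptoloop swap; dm-crypt preferred"))
            elif not device.startswith("/dev/mapper/"):  # heuristic only
                findings.append((device, "swap not encrypted"))
        elif fstype == "tmpfs":
            if "size" not in opts:
                findings.append((mountpoint, "no size= limit"))
            if parse_count(opts.get("nr_inodes", "0")) >= INODE_WARN:
                findings.append((mountpoint, "nr_inodes very large"))
            if mountpoint == "/var/tmp":
                findings.append((mountpoint, "tmpfs /var/tmp needs lots of RAM/swap"))
    return findings

if __name__ == "__main__":
    for target, finding in audit_fstab(SAMPLE_FSTAB):
        print(f"{target}: {finding}")
```
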

----------

## orange_juice

Thank you! 

Therefore...

About the swap device:

Cryptoloop is not safe... and dm-crypt should be used instead.

About /tmp, /var/tmp

Browsing through the Howtos relating to encryption, I see that it is quite a fuss! Is it worth struggling for the encryption of those two directories? I have built a web server and I just need to keep this server reasonably safe. Is there a "security hole" if I did not encrypt those directories?

Kind regards,

orange_juice

----------

## Reikinio

 *orange_juice wrote:*   

> Thank you! 
> 
> (...)
> 
> About /tmp, /var/tmp
> ...

 

First, I am by no means an expert, so take what I say with a grain of salt.

When you encrypt a partition what you're doing is protecting its data from unauthorized physical access to your computer, it doesn't protect you from someone tampering with your data from within your running system.

I have no idea whether you should or shouldn't encrypt /tmp, will there be any sensitive files there? 

Personally, I think that if you haven't encrypted all your partitions (/, /tmp, swap, /home, ...), then there is a hole, especially if / is not encrypted; someone with physical access to your computer could perform a man-in-the-middle attack.

This is all a little bit paranoid, I have no idea if encrypting a system that is going to be a web server is a good idea or not, perhaps in your case Tripwire or AIDE is enough, don't know.

There are lots of things you can do to secure your web server, but with every security layer you add, usability decreases. The question is, can you live with the trade-off?

Bye

----------

## orange_juice

Thank you for your answer. 

Kind regards,

orange_juice

----------

## cpakkala

Is there any reason to encrypt /tmp explicitly if you are already using encrypted swap and /tmp is mounted on tmpfs?  Seems to me that anything in /tmp that makes it to hard drive (via swapping) will be encrypted.

----------

## orange_juice

To be honest, I am not aware of the exact mechanisms that work in this situation. What I feel is that mounting tmp on tmpfs, although it is said that this is beneficial in expense of RAM, it is providing an adequate level of security for a user that needs to have a notion of safety as far as normal attacks and network situations are concerned. 

It strikes me that securing your network is like securing your car. You put wheel locks, alarms and special key locks, OK. All these protect you against people that will prefer to steal a more easily compromised car than yours. That is all about it. However, if your car "has" to be stolen it will be! I have heard of stories that such a car was parked at the end of a garage in a building, and the thieves had to unlock the door of the garage, compromise two other vehicles in order to move them aside and they only took the third one paying extra attention not to damage anything!!!

So... I have decided not to be extremely extra paranoid about all these things that relate to special security because what I do is not included in its reason of existence. Of course, I am trying to be careful as a considerate netizen and dedicate my remaining effort in discovering new aspects of computers in my everyday use. Which means that my everyday activity does not need the extra precaution measures that "extra paranoid" security offers. 

For people that are concerned about this extra step, I would recommend a more holistic solution which is selinux. Selinux is trying to build a very secure system from its basis covering every possible aspect of security in a manner of a live secure and constantly developing -in terms of security- organism.

There is also openbsd and of course ipcop that can be used as further network-security implementations to your "have to do" step of Gentoo Security Handbook.

Kind regards,

orange_juice

----------

## woZa

 *troymc wrote:*   

> I use a non-persistent encrypted filesystem configured in /etc/conf.d/cryptfs. Read here for more details (I encrypt /var/tmp the way they talk about encrypting /tmp).
> 
> troymc

 

Thanks...

Worked a treat although it is a few years on and the conf file is now /etc/conf.d/dmcrypt

HTH

----------

