On Fri, 3 Feb 2017, Sebastien Marie wrote: ... > My understanding is if savecore(8) is able to extract bsd.core > information from swap partition, it means the bsd.core information is > *not* encrypted by crypto-swap (else, as keys are discarded on reboot, > savecore(8) wouldn't have any way to uncrypt the swap without keys). So > as bsd.core is readable by savecore(8), it means it is also readable by > attacker (by direct read of the swap partition - unplug the disk and > voila).
Right: if your system crashes and is made to write do "boot crash" then the information that was in memory at the time will be written out without being affected by whether swap encryption is enabled. That's not what swap encryption is for. If someone can get to ddb they can peel all the information out the kernel anyway! Swap encryption is like selecting a TLS cipher suite that uses an ephemeral key to get forward security: the goal is to make it so that when you choose to forget the past, it really is gone and can't be dredged up. Let's imagine that FDE on your box is defeated or evaded: - laptop is stolen while you're logged in - government locks you up until you decrypt - criminals use 'rubber-hose cryptanalysis' - actual crypto failure At that point, they have all your *current* data. What do they see if they then look at your swap partition? If you didn't use swap encryption then they see data from the possibly-distant past; if you used swap encryption then they would only see what the currently running system could see and *not* anything beyond the immediate past. > Now, if the swap partition is on crypto-softraid, before accessing the > swap layer, an attacker needs the key of crypto-softraid. So bsd.core > information is protected from above attack. Correct, though in that case the attacks above will then also be able to see what was on your machine at that past time. Someone paranoid about what's in memory on their box and for whom the attacks above are a concern should disable entry into ddb (ddb.panic=0 and ddb.console=0) and never write out crash dumps. Philip Guenther
