On Sun, Aug 20, 2000 at 08:28:50PM -0500, Signal 11 wrote: > > If I would have to choose between disabling my swap or adding a > > kernel patch so all my hard disk is encrypted (including the swap > > partition) I would chooce the later. Maybe create an unencrypted > > partition for non-sensitive information and programs. > > You're in luck: www.kerneli.org > > .. you should know, however, that typical write speeds are under > 1mb/s and read is around 4MB/s. > > I have a system running ReiserFS over the encrypted loopback device, > however the system is abysmally slow. It is on a K6-350. I have > a few theories on why this is, but I'm no programmer. Also, to save > you some trouble - the fastest algorithm appears to be Serpent. > > Oh, and you do *NOT* want to enable a swapfile under a looped FS > unless you enjoy soft-locking your system. The buffer for the > disk and for the loopback device can easily lock up, and if the > kernel is unable to swap the data back, it'll happily grind to > a halt for a random period of time. :( > > I would recommend either a hardware encryption solution, or to > use the loopback device strictly for storage of sensitive information. > Don't encrypt your whole system unless absolutely necessary. > > Also.. I would strongly recommend against deploying a looped filesystem > over a software RAID solution (any level) as there are known issues with > the RAID code in the linux kernel - both in terms of its interaction > with any ReiserFS partition and the loopback device.
Another solution would be to modify your hard drive in a clean room so that it would have an autodestruct capability that can be electronically activated and which takes effect instantly or nearly instantly. The autodestruct should be able to be activated by the computer itself (of course, only root would be able to do this) (which would require some extra software on your box). The autodestruct should also be rigged in such a way that if someone tries to remove the hard drive without the disabling of the autodestruct (which could possibly be done with by software, but would most easily be done by hardware modification), the autodestruct is immediately activated. I would suggest that the autodestruct would be in the form of thermite placed directly on top of if not inside of the hard drive and the thermited be activated by magnesium bound to a military squib. The military squib would be probably hooked up to a data line from a serial port (or if the hard drive is an internal hard drive, the circuitry which controls a serial port). The Linux kernel (or whatever kernel you are using) would have to be modified that the serial port used could not be written to under normal circumstances and would have to be activated by a kernel module. As for the autodestruct on removal, a detonator would be placed so that it would be detonated by an attempt to remove the hard drive and would ignite the magnesium if it went off. Note that the arrangement here could not be disabled. -- Travis Bemann Sendmail is still screwed up on my box. My email address is really bemann at execpc.com. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 2507 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20000820/408933d4/attachment.pgp>
