On Fri, Jul 30, 2010 at 9:29 AM, Matthew Toseland
<toad at amphibian.dyndns.org> wrote:
> So we have two options really:
>
> 1. Offer to turn on encrypted swap in the installer. Keep encrypting 
> everything. Warn users about saving files out, and media files, and work 
> towards playing media files in an embedded (e.g. java) player that doesn't 
> use plaintext temp files.
> 2. Give up on encrypting anything on disk, and offer to install TrueCrypt if 
> it isn't already installed.
>
> IMHO it is important that Freenet works out of the box, and works reasonably 
> securely. Arguably it should be possible to install without administrative 
> rights. But swap files are an unavoidable problem - anything involving keys 
> in RAM is breakable as long as that RAM gets stored to disk.

I think we should make some effort to achieve physical security, but
it isn't a primary goal - there are just too many ways that someone
can be compromised if the attacker has physical access to the machine,
and addressing all of them is WAY beyond the scope of this project.
It's not like we don't already have a huge task, without taking on
additional problems.

We should do some things to help with physical security, but I
think worrying about swap is taking it too far - if the user is that
concerned about it then they should address it outside the context of
Freenet (and we can provide advice to this end).

Ian.

-- 
Ian Clarke
CEO, SenseArray
Email: ian at sensearray.com
Ph: +1 512 422 3588
