Now that my system is considered (that’s what I think) a working desktop machine, it’s time for some security. First and easiest thing to do is to encrypt the swap partition.
What should I use, though, to achieve this goal? cryptoloop? Loop-AES? cgd? ppdd? and so on and so on… The choices are too many to list. After reading the Loop-AES author's reply to this question:
[…] if Loop-AES works so much better, why hasn’t it been included in the kernel?[…]
here, and studying this great guide on computer security (How to defend your Privacy), I’ve decided to go for Loop-AES.
Quick SWAP encryption with Loop-AES HOWTO for gentoo linux:
1) Be SURE to remove any loop support from your kernel, either as a module or built in. We are going to build our own module, so we don't want the kernel's module.
2) Supposing that your kernel does NOT have loop support, we move on to installing the necessary packages.
echo "sys-fs/loop-aes ~x86" >> /etc/portage/package.keywords
emerge /usr/portage/sys-apps/util-linux/util-linux-2.12q.ebuild
emerge loop-aes
3) Time to change the current swap configuration and enable encryption support:
swapoff -a
Now edit your /etc/fstab, find your swap lines and change them to something like this:
/dev/hda999 none swap sw,loop=/dev/loop9,encryption=AES128 0 0
4) We now clean the swap partition by filling it with zeros, recreate the swap area and start using it:
dd if=/dev/zero of=/dev/hda999 bs=64k conv=notrunc
mkswap /dev/hda999
swapon -a
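To verify that the fstab change from step 3 actually covers every swap entry (it is easy to convert one line and forget a second swap partition), here is a small audit script I am adding to this post; it is not from the Loop-AES project and not part of the original procedure. It parses an fstab file and flags any swap entry whose options lack both a loop=/dev/loopN mapping and an encryption=AES128/192/256 setting, which are the two options Loop-AES needs for random-key swap. The sample fstab it runs against is constructed for the example (device names like /dev/hda998 are made up), and it only checks the configuration file, not what is currently active in /proc/swaps.

```sh
#!/bin/sh
# Added example: audit an fstab for swap entries not routed through a Loop-AES
# encrypted loop device. Not part of the original post; the sample fstab below
# is constructed and the device names in it are made up.

# check_swap_encryption FSTAB
# Prints every swap entry in FSTAB that does not carry both a loop=/dev/loopN
# option and an encryption=AES128|AES192|AES256 option.
# Returns 0 when all swap entries are encrypted, 1 otherwise.
check_swap_encryption() {
    fstab="$1"
    # Skip comment/blank lines; field 3 is the fs type, field 4 the mount options.
    # Wrap the options in commas so each option can be matched as a whole token.
    unencrypted=$(awk '
        $0 !~ /^[[:space:]]*#/ && NF >= 4 && $3 == "swap" {
            opts = "," $4 ","
            if (opts !~ /,loop=\/dev\/loop[0-9]+,/ || opts !~ /,encryption=AES(128|192|256),/)
                print $1
        }' "$fstab")
    if [ -n "$unencrypted" ]; then
        echo "swap entries in $fstab WITHOUT Loop-AES encryption:"
        echo "$unencrypted"
        return 1
    fi
    echo "all swap entries in $fstab use an encrypted loop device"
    return 0
}

# Constructed sample fstab: one swap line as it looked before the change in
# step 3, and one converted line in the form the post ends up with.
SAMPLE_FSTAB=$(mktemp)
cat > "$SAMPLE_FSTAB" <<'EOF'
/dev/hda1   /boot   ext2   noauto,noatime   1 2
/dev/hda3   /       ext3   noatime          0 1
# plain, unencrypted swap (forgotten during the conversion)
/dev/hda998 none    swap   sw               0 0
# swap converted to Loop-AES as described in the post
/dev/hda999 none    swap   sw,loop=/dev/loop9,encryption=AES128 0 0
EOF

# Running the check on the sample reports /dev/hda998 and returns 1.
check_swap_encryption "$SAMPLE_FSTAB" || echo "fix the entries above before trusting that swap is encrypted"
rm -f "$SAMPLE_FSTAB"
```

On a real machine run check_swap_encryption /etc/fstab after editing; an entry with only loop= but no encryption= would still be caught, since that combination gives you an unencrypted loop device rather than an encrypted swap.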
You are ready; your swap is now encrypted on the fly.