- This topic has 21 replies, 8 voices, and was last updated May 11-5:22 pm by RJP.
-
Posts
-
Pelucia Siffred
I used a swap file in antiX-21 and everything worked perfectly fine, however I decided to replace the swap file I was using with an encrypted swap file and the system started to have problems. Now my computer freezes when it starts swapping making the mouse and keyboard stop working, the only thing I can do is hard reset. I setup encrypted swap file following this tutorial: https://web.archive.org/web/20160504140513/http://hydra.geht.net/tino/howto/linux/cryptswap/
I already tested with two different kernels (5.10.57-antix.1-amd64-smp and 4.9.0-279-antix.1-amd64-smp) and the problem happened with both. My hardware configuration is in the attached file.
Does anyone know of any settings I can use to try and fix this?PPC
You wont probably like my opinion:
– If it isn’t broken, don’t try to fix it…Disable the swap (you mentioned file, but the same should apply to a partition), replace it with a non encrypted one, re-enable the swap, be happy…
Why do you need an encrypted swap? Are you a journalist/spy/mobster/terrorist? I can see the value of having data on an encrypted partition or even a protected folder/volume (yeah, I use those), but an encrypted swap partition? As you can see, it’s more trouble than it’s worth…P.
Edit: I read the “Why” section of the link you provided. Nope, I still do not think it’s advisable to encrypt a swap file, and I also deal with sensitive data, now and then. I never had a drive that was inside the warranty period fail on me- that’s partly because I only ever owned a new computer twice in my life. If a drive has to go “back to factory!” I think it will probably get trashed. I don’t think it’s probable someone trying to recover data from a broken drive, just to see if there’s something juicy, not unless you are in one of the categories I mentioned above. If you are… Hum… if you have encrypted data and someone really wants it, there are ways to making you talk and give away the password…
I noticed the instructions were at least half a dozen years old… they may be a bit outdated…- This reply was modified 1 week ago by PPC.
- This reply was modified 1 week ago by PPC.
- This reply was modified 1 week ago by PPC.
Hi PPC,
I want an encrypted swap file because I type a lot of passwords on my computer (email, enfs, veracrypt) and my computer is shared with multiple people. One of these people is information security technician and can take the passwords I type by inspecting the Swap file. I read on the internet that it is possible to take a lot of information from the swap file, including passwords that are typed on that computer.
Simply tell me not to use encrypted swap doesn’t help at all.So it seems, that, for your particular security needs, antiX was “broken”.
I can’t help you to get an encrypted swap file, it may even not be corrently possible: please see the top of this link (a warning dated from 2017) https://unix.stackexchange.com/questions/64551/how-do-i-set-up-an-encrypted-swap-file-in-linux#64569
It seems that if you want encrypted swap, the best way to go is using a partition…Edit: if all you want is to make sure that a particular person does not get his hands on the contents of your swap, I have a low tech way to go about it: a shortcut that closes all running windows (there’s a script for that on the forum), then disable swap and enable it back on. I have not tested this, but it *should* clean up the contents of your swap.
You can run this script at log-off, or every time you want. It’s a compromise between security and ease of use, and you get to keep using a swap file (that I think will be the default in antiX’s future).Since my time here is limited, I probably won’t be able to post on this thread any longer… Best of luck!
P.
- This reply was modified 1 week ago by PPC.
Robin
but it *should* clean up the contents of your swap.
No. You’d need to overwrite the drive area multiple times using dd with random characters and signs, before recreating the new empty swap on it. Otherwise a true security specialist will easily recover the former plain text content. But, for this task of secure deletion you’d need to ask your security expert, since there is no recipe working for all drive types the same 🙂
Windows is like a submarine. Open a window and serious problems will start.
PPC, disabling swap does not clear the contents of it, the bits remain there until they are overwritten.
Robin is right, you need to use dd command to overwrite the data with random values.
Thanks.
rokytnji
Just a hill billy guess. Maybe zram included with swap would fix this.
I use zram on one Dell laptop.
https://www.antixforum.com/forums/topic/swap-zram-to-improve-performance/
Sometimes I drive a crooked road to get my mind straight.
Not all who Wander are Lost.
I'm not outa place. I'm from outer space.Linux Registered User # 475019
How to Search for AntiX solutions to your problemsHi, rokytnji
I had used zram before. The problem is that memory is low and zram runs out fast, so I wanted to use disk to solve this limitation. ThanksI was able to find all my passwords with the following command line:
strings swapfile0 | grep -e "$PASSWORD1" -e "$PASSWORD2" -e "$PASSWORD3"Using unencrypted swap is dangerous.
BobC
Could you put the swap on a USB, and eject it when done?
RJP
I was able to find all my passwords with the following command line:
strings swapfile0 | grep -e "$PASSWORD1" -e "$PASSWORD2" -e "$PASSWORD3"Using unencrypted swap is dangerous.
How about if you run
sudo chmod 0600 swapfile0How about if you run
sudo chmod 0600 swapfile0What should keep the security expert assumed from reading its contents anyway, just booting the PC with a disk analysing tool instead of antiX?
Using unencrypted swap is dangerous.
Yes, sure, if your device is not physically secured by locking it up in your apartment all the day…
But you might get still away when following the additional hints for setting up encrypted swap files given here:
https://wiki.archlinux.org/title/dm-crypt/Swap_encryption#With_suspend-to-disk_support
In these instructions some common pitfalls are treated, so check out also what the links to known issues and missing prerequisites keeping encrypted swap from proper working suggest, and check what their warnings read.
Just keep trying.
Maybe @anticapitalista can give you some hints whether the swap is encrypted also when setting up antiX encrypted using the defaults in antiX installer.
Windows is like a submarine. Open a window and serious problems will start.
How about if you run
sudo chmod 0600 swapfile0What should keep the security expert assumed from reading its contents anyway, just booting the PC with an disk analysing tool instead of antiX?
Nothing. The only way is not to use swap and install enough ram-memory, and glue ram unit into motherboard.
Could you put the swap on a USB, and eject it when done?
BobC, Putting the swap file on a flash drive could slow down the system, and the health of the flash drive could be impaired.
Thanks for the idea.How about if you run
sudo chmod 0600 swapfile0What should keep the security expert assumed from reading its contents anyway, just booting the PC with a disk analysing tool instead of antiX?
Using unencrypted swap is dangerous.
Yes, sure, if your device is not physically secured by locking it up in your apartment all the day…
But you might get still away when following the additional hints for setting up encrypted swap files given here:
https://wiki.archlinux.org/title/dm-crypt/Swap_encryption#With_suspend-to-disk_support
In these instructions some common pitfalls are treated, so check out also what the links to known issues and missing prerequisites keeping encrypted swap from proper working suggest, and check what their warnings read.
Just keep trying.
Maybe @anticapitalista can give you some hints whether the swap is encrypted also when setting up antiX encrypted using the defaults in antiX installer.
Robin, I followed the instructions you posted, and the system keeps freezing when it starts swapping (between 40 and 80 MB). Unfortunately I was not able to resolve the issue.
Is the problem my processor? My processor does not have AES by hardware.- This reply was modified 6 hours, 11 minutes ago by Pelucia Siffred.
- You must be logged in to reply to this topic.
