[ale] and today's paranoid Linux hack is....

Sat Jan 20 01:48:52 EST 2001

Realtime random-key encrypted swap space!!!

The (recently released) linux-2.4.0 *international* patch includes a patch
for util-linux that allows "losetup" to take an encryption passphrase from a
file descriptor.  Finally I can implement that RANDOMIZED encrypted swap
hack that I wanted without modifying losetup or mkswap!!  :-)

Here's how it works:

-- Quick prerequisites: --
Linux-2.4.0 kernel
patch-int-2.4.0.latest (ftp://ftp.kernel.org/pub/linux/kernel/crypto)
util-linux-2.10o  (ftp://ftp.kernel.org/pub/linux/util/util-linux)

1: Patch the kernel with the international patch
2: Patch util-linux with the resulting patch in
/usr/src/linux/Documentation/crypto/
3: Configure kernel for "Crypto Support" and "Loopback Device / Encryption
Support"
4: build kernel, and build "lib" and "mount" from util-linux and install
them
--- End Prerequisites ---

--- Procedure: ---
1: Edit /etc/fstab and comment out your normal swap device (I will use
/dev/hda2, THIS MAY NOT BE YOUR SWAP DEVICE!)

2: Add new swap line below it with "/dev/loop0" instead of your normal
device name.

3: Edit the appropriate startup script for your distro that executes
"swapon -a" and comment it out.

4: Further down the script, *after the regular filesystems get mounted* add
the following code:

--------[ cut here ]--- 8<--------
echo "Setting up K.C.'s randomized swap hack..."
/bin/dd if=/dev/urandom bs=1 count=16 | \
    /sbin/losetup -e twofish -k 128 -p 0 /dev/loop0 /dev/hda2
/sbin/mkswap /dev/loop0
/sbin/swapon -a
--------[ cut here ]--- 8<--------

NOTE:  CHANGE "/dev/hda2" IN THE ABOVE CODE TO YOUR PHYSICAL SWAP DEVICE.
If you accidently specify an active hard drive partition there then you are
going to obliterate it with random garbage.   You have been warned! (Feel
free to change the banner, too.  [grin])

I had to add it later in the startup process because the encryption APIs
didn't work right until after the /proc filesystem got mounted.

The way it works is this:  dd grabs 16 random bytes from /dev/urandom (use
/dev/random if you want better entropy, at the cost of a several second
delay at startup) and passes them to losetup as a pass-phrase.  losetup then
hashes this "pass-phrase" into a 128-bit key for the crypto-API between the
loopback "pseudo-device" and the actual swap partition.  From there on
everything is done talking to the loop device and is therefore encrypted.

Since you never know the actual pass-phrase that is used, anytime the
machine is rebooted or powered off the swap space becomes trash.  That's why
your script has to re-run "mkswap" on the loop device when you bring it back
up- you have a new random key.

This way if your linux box is ever stolen from you there's very little
chance someone is going to find rogue data (email, SSH passwords, PGP keys,
&etc) in your swap space.

Don't think you need this?   Run "strings" on your swap device someday.
Makes for nice rainy-day reading.  :-)

Have fun!

 - K.C.  mailto:kbudd at phreakmonkey.com

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.