Silk Road forums
Discussion => Security => Topic started by: StExo on October 05, 2012, 11:56 pm
-
<removed>
-
If you don't use FDE or have encrypted swap (paging files in windows) then you should definitely avoid using swap space. Depending on how much RAM you have entirely disabling swap can lead to performance issues. Generally it has been suggested to have twice as much swap space as you have RAM but on modern systems with 8GB + RAM it shouldn't matter if you have it or not. Another option is to configure swap space to be encrypted with a randomly generated key every time the system boots up. Then you can still take advantage of it if you need it, but as soon as you shut down your system everything that was written to the hard drive is permanently lost.
-
yes your paging file can be a downfall if your hardware ever gets seized. I notice a performance hit when I dont use a paging file.
I use a program called BCWipe. It has cool features like wiping free space, zeroing unused sectors (cool lil security measure), multiple wiping algorithms.
Its coolest Feature? Encrypting your paging file. Here's an excerpt from their help document:
BCWipe allows encrypting Windows Swap File. Swap File is the Windows system file that is used for the virtual memory support, and it can store parts of documents, you are working with, in an opened form on hard drive. Even if some powerful encryption program encrypts an original document, Windows can put a whole document or part of it to the Swap file in an opened form. Encryption keys, passwords, and other sensitive information can also be swapped to hard drive. Even if you use all of the security advantages of the latest Windows versions, simple investigating of the Swap file in DOS mode may allow extracting a lot of information from the file.
...
About initialization of the swap file.
When you reserve, for example, 5 Mbytes for an usual new file in Windows NT/2000/XP, the operating system clears the reserved 5 Mbytes of disk space with zeros. It is not so for the Swap File. When Windows boots up, it reserves disk space for the Swap File without re-writing the reserved disk space.
As a result, the following effect may occur. CryptoSwap starts to encrypt all the read/write operations to the Swap File, but activity on computer is not too high, and there is no need to use the Swap File. Hence, encrypted information won't be written to the disk space, reserved for the Swap File.
Now we boot to DOS and notice that only a small part of the Swap File (pagefile.sys) has been encrypted, all the other space in the file is just garbage, stored earlier on the disk. Since the ‘garbage’ can also contain some sensitive information, it is recommended to check
http://www.jetico.com/download/ is the download page. Its available for windows, osx and linux. The paid for version unlocks more wiping algorithms