Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Truecrypt and swap

Posted on 2016-08-28
6
Medium Priority
?
206 Views
Last Modified: 2016-08-30
Hello!

I've got Ubuntu 14.04 Desktop and I use Truecrypt to store my confidential files. I've read that since Truecrypt does on the fly encryption, it only stores its decrypted content (and user's password and his keyfile I would think?) in RAM. If it's all true, then does that mean that even if I don't encrypt my swap, there's no risk that my data stored in a Truecrypt container (and my password and a keyfile too?) would end up on a swap partition in an unencrypted form?
0
Comment
Question by:Member_2_7970041
6 Comments
 
LVL 22

Accepted Solution

by:
robocat earned 2000 total points
ID: 41774347
The chances are low but this is not impossible.

If you bother to use Truecrypt, you should also encrypt swap .  Better yet, encrypt the entire OS if you're really security conscious, because you never know that parts of your confidential files get copied as a temp file.
0
 
LVL 24

Expert Comment

by:Eirman
ID: 41774367
If you are concerned about the security of your encrypted data, now and especially in the future,
you should consider TrueCrypt's successor VeraCrypt

Truecrypt is no longer being supported or developed.
I believe that it still quite secure, but who knows what the future may bring!

From the VeraCrypt website .....
VeraCrypt is a free disk encryption software brought to you by IDRIX that is based on
TrueCrypt 7.1a. - It's free and open-source.

==============================================================
To answer your specific truecrypt question, your password/encryption keys
are never stored in the swapfile.
Anyhow, once you choose volume encryption, everything on your OS disk
including temp files and the swapfile are automatically encrypted, unless you have
deliberately moved your swapfile to another disk/partition other than that of your OS.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 41774628
If the whole system is encrypted then you don't have to worry about anything from RAM being written to Swap in plain-text. https://veracrypt.codeplex.com/wikipage?title=System%20Encryption
However if your swap partition is not encrypted, it is possible for your keys to be written there in any OS. I've read both phases of the Audit on the original TC, nothing about SWAP really came up, so I think the chance is remote as stated, but still possible.
-rich
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 24

Expert Comment

by:Eirman
ID: 41775115
Thanks for ignoring my comment
0
 

Author Comment

by:Member_2_7970041
ID: 41775345
Eirman,
I didn't ignore your comment. I read it and thanks for sharing the info you have. Nevertheless, it's my prerogative to grant the best answer to anyone who's been participating in this thread. And I'm under no obligation to inquire more about the subject.

I decided not to encrypt my swap or any other parts of Ubuntu. Question is closed. Thank you!
0
 
LVL 24

Expert Comment

by:Eirman
ID: 41776089
I read it and thanks for sharing the info
A little acknowledgement was all that I was looking for (not points) - Thank you.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question