Solved

Truecrypt and swap

Posted on 2016-08-28
Last Modified: 2016-08-30
Hello!

I've got Ubuntu 14.04 Desktop and I use Truecrypt to store my confidential files. I've read that since Truecrypt does on the fly encryption, it only stores its decrypted content (and user's password and his keyfile I would think?) in RAM. If it's all true, then does that mean that even if I don't encrypt my swap, there's no risk that my data stored in a Truecrypt container (and my password and a keyfile too?) would end up on a swap partition in an unencrypted form?
0
Question by:Member_2_7970041
6 Comments
 
LVL 22

Accepted Solution

by:
robocat earned 2000 total points
ID: 41774347
The chances are low but this is not impossible.

If you bother to use Truecrypt, you should also encrypt swap. Better yet, encrypt the entire OS if you're really security conscious, because you never know that parts of your confidential files get copied as a temp file.
0
 
LVL 24

Expert Comment

by:Eirman
ID: 41774367
If you are concerned about the security of your encrypted data, now and especially in the future,
you should consider TrueCrypt's successor VeraCrypt

Truecrypt is no longer being supported or developed.
I believe that it is still quite secure, but who knows what the future may bring!

From the VeraCrypt website .....
VeraCrypt is a free disk encryption software brought to you by IDRIX that is based on
TrueCrypt 7.1a. - It's free and open-source.

==============================================================
To answer your specific TrueCrypt question, your password/encryption keys
are never stored in the swapfile.
Anyhow, once you choose volume encryption, everything on your OS disk,
including temp files and the swapfile, is automatically encrypted, unless you have
deliberately moved your swapfile to another disk/partition other than that of your OS.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 41774628
If the whole system is encrypted then you don't have to worry about anything from RAM being written to Swap in plain-text. https://veracrypt.codeplex.com/wikipage?title=System%20Encryption
However if your swap partition is not encrypted, it is possible for your keys to be written there in any OS. I've read both phases of the Audit on the original TC, nothing about SWAP really came up, so I think the chance is remote as stated, but still possible.
-rich
0
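
A quick check for the situation discussed in this thread, added here as an example and not posted by any participant: it reads the active swap areas from /proc/swaps and uses lsblk device types to report which ones are dm-crypt mappings. The function names and sample data are constructed for illustration; it assumes Linux with util-linux lsblk.

```shell
#!/bin/sh
# Added example, not from the thread: flag active swap areas that are not
# dm-crypt devices, i.e. where pages swapped out of RAM land on disk in plaintext.

# audit_swaps SWAPS TYPES
#   SWAPS: file in /proc/swaps format (header line, then one area per line)
#   TYPES: "KNAME NAME TYPE" lines, as printed by `lsblk -rno KNAME,NAME,TYPE`
# Prints one verdict per area; returns 1 if any area is not known to be encrypted.
audit_swaps() {
    awk -v types="$2" '
        BEGIN {   # map both kernel name (dm-0) and mapper name to the lsblk TYPE
            while ((getline line < types) > 0) {
                split(line, f, " "); type[f[1]] = f[3]; type[f[2]] = f[3]
            }
        }
        NR == 1 { next }                      # skip the /proc/swaps header
        {
            n = split($1, p, "/"); dev = p[n] # /dev/dm-0 -> dm-0
            if ($2 == "file")              { v = "CHECK-FS";  bad = 1 }
            else if (type[dev] == "crypt") { v = "ENCRYPTED" }
            else                           { v = "PLAINTEXT"; bad = 1 }
            print v, $1
        }
        END { exit bad + 0 }
    ' "$1"
}

# audit_live: run the audit against this machine (Linux with util-linux lsblk).
audit_live() {
    t=$(mktemp) || return 2
    lsblk -rno KNAME,NAME,TYPE > "$t" && audit_swaps /proc/swaps "$t" && rc=0 || rc=$?
    rm -f "$t"; return "$rc"
}

# Constructed sample data: one plain partition, one dm-crypt mapping, one swap file.
sample_audit() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/sda5 partition 4194300 1024 -1' \
        '/dev/dm-0 partition 2097148 0 -2' \
        '/swapfile file 1048572 0 -3' > "$d/swaps"
    printf '%s\n' 'sda sda disk' 'sda5 sda5 part' 'dm-0 cryptswap1 crypt' > "$d/types"
    audit_swaps "$d/swaps" "$d/types" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}

sample_audit || echo "at least one swap area is not encrypted"
```

A swap file is reported as CHECK-FS because whether it is protected depends on the volume holding the file, which this check does not inspect. Call `audit_live` to run the same audit against the current machine.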
 
LVL 24

Expert Comment

by:Eirman
ID: 41775115
Thanks for ignoring my comment
0
 

Author Comment

by:Member_2_7970041
ID: 41775345
Eirman,
I didn't ignore your comment. I read it and thanks for sharing the info you have. Nevertheless, it's my prerogative to grant the best answer to anyone who's been participating in this thread. And I'm under no obligation to inquire more about the subject.

I decided not to encrypt my swap or any other parts of Ubuntu. Question is closed. Thank you!
0
 
LVL 24

Expert Comment

by:Eirman
ID: 41776089
I read it and thanks for sharing the info
A little acknowledgement was all that I was looking for (not points) - Thank you.
0

Question has a verified solution.
