Encrypting your swap file
Pollmaster
October 5th, 2005, 02:06 PM
Is there any advantage to encrypting your swap file on the fly, as opposed to wiping it on every shutdown as per XP/2k options?
I know the best is to have no swap file, but on machines like mine, overburdened with all the latest defensive tech tools, that's not really feasible unless I up my RAM to 1 GB.
I noticed a freeware option that encrypts your swap file from one of our guest postings...
http://www.geocities.com/phosphor2013/csgreadme.txt
HOW CRYPTOSWAP WORKS
====================
(The foregoing is adapted from the official documentation.)
CryptoSwap loads a low-level driver at Windows startup, before
Windows runs its virtual memory support mechanism and initializes the
swap file.
Upon initialization, the driver generates a random encryption key
that is unique to the current Windows session. The encryption key is
never written to disk, but held in RAM until the computer is shut
down or rebooted.
The CryptoSwap driver intercepts all filesystem operations, such as
open/close, read/write file, etc., detects requests to the swap file,
and encrypts data buffers when Windows writes something to the swap
file. When Windows reads data from or writes data to the swap file,
CryptoSwap encrypts and decrypts it on the fly, so that each
operation is performed automatically and transparently.
Beef
October 5th, 2005, 03:15 PM
A swapfile can grow large over time if not cleaned.........would it not REMAIN large if only encrypted but never cleaned ?
If I am understanding you correctly......the encrypted Swapfile would remain hanging around.......since Swapfiles have been known to land people in jail..............an encryption has been known to be broken......your question suddenly becomes more complicated...........what is the encryption strength......etc.......can the computer maintain an ever growing Swapfile.........(most computers can) but what would be the purpose ?
Would be interested in seeing what other posters' comments are.
Beef
October 5th, 2005, 03:26 PM
Copied and paste:
It is no longer necessary to wipe the swap file once after
activating CryptoSwap for the first time. When Windows reboots after
activating CryptoSwap Guerilla, the space that Windows reserves for
the swap file is now cleared as well as encrypted.
Ok, that statement confuses me......if the space is cleared then what is left to encrypt ?
Is this person trying to say that the space is cleared AND ANY FUTURE INFORMATION IS ENCRYPTED ? If so...and the space is cleared....then what's the point of encryption ? Why not just clean the swapfile and do a secure wipe ?
Pollmaster
October 5th, 2005, 03:49 PM
{QUOTE-> A swapfile can grow large over time if not cleaned.....
....would it not REMAIN large if only encrypted but never cleaned ?
<-QUOTE}
No. A swap file is set to a certain size only which you can control. You are confusing them with index.dat files and/or browser cache files I think.
{QUOTE->
If I am understanding you correctly......the encrypted Swapfile would remain hanging around.......since Swapfiles have been known to land people in jail..............an encryption has been known to be broken......your question suddenly becomes more complicated...........what is the encryption strength......etc...... <-QUOTE}
The implementation gives a choice between AES 256-bit key, Blowfish 448-bit key, Twofish 256-bit key etc. All of them are solid choices. I seem to recall the newest directives allow secret and maybe even top secret US documents to be encrypted with AES (can't remember the key sizes though), so my guess is it's basically secure enough, unless you need more security than the US government.
The main advantage of encrypting versus cleaning, I guess, is that it speeds up shutdown times.
Pollmaster
October 5th, 2005, 03:57 PM
{QUOTE-> Copied and paste:
It is no longer necessary to wipe the swap file once after
activating CryptoSwap for the first time. When Windows reboots after
activating CryptoSwap Guerilla, the space that Windows reserves for
the swap file is now cleared as well as encrypted.
<-QUOTE}
The FAQ is kind of confusing, and is divided into 2 parts for 98/ME and XP/2K sections. You seem to have quoted the 98/ME part.
{QUOTE->
Ok, that statement confuses me......if the space is cleared then what is left to encypt ?
Is this person trying to say that the space is cleared AND ANY FUTURE INFORMATION IS ENCRYPTED ?
<-QUOTE}
Honestly, I'm not sure what he's trying to say either. My best guess is the same as yours. In 98/ME, you just run CryptoSwap; it will automatically handle the existing prior swap file by filling it with random data.
{QUOTE->
If so...and the space is cleared....then what's the point of encryption ? Why not just clean the swapfile and do a secure wipe ? <-QUOTE}
The answer to your last question is Paranoia. The FAQ points out that you don't really need to wipe your swap file if you encrypt it every session, but some people will still try to wipe it anyway.
Then I get completely lost in what it's trying to say.
I'm also not certain if it's trying to give instructions on handling the last swap file BEFORE you encrypt it. In 98/ME it seems you don't have to wipe the last swap file, but in win2k/xp you have to.
The way I intend to do it is as follows:
1. I reduce the swap file to zero size, reboot.
2. Use Eraser to wipe out the unused space.
3. Set a swap file. Then set cryptoguerilla to encrypt it. Then reboot.
I'm kind of confused myself, wheresthebeef, I'm hoping some expert will explain it to me or confirm my understanding.
Beef
October 5th, 2005, 04:52 PM
PM
The way you will do it....would be the same as I would if using the program..............can't see how a person could go wrong that way.
But honestly....check out what type of encryption is used......a poor encryption is no encryption....seriously! (of course you know that already)
To be totally honest I trust eraser much more than I would this program. But can also understand your security minded attitude......when it comes to cleaning...wiping....encryption.....the more good programs the merrier.........
People never give the swapfile the attention it should get....it's a major hole......and more than one person "tells on himself" by the swapfile.
LOL...how ironic that people spend tons of money for cleaners that won't even touch the swapfiles.........
Best of luck on this PM.......let us know..if you will..how this adventure turns out.........I am most interested
StevieO
October 5th, 2005, 05:55 PM
Hi,
I've DL'd the Encryption Software and info etc., but if I do install it then it will be on a spare PC for safety testing, always wise I think!
Here's how i would do it, but see the remarks below from the author.
Wipe the existing Swap/Paging File with as many Secure passes as you like and Reboot.
Set the SPF to a fixed Max/Min size, whatever you like depending on the amount of RAM you have, MIN usually 1 1/2 times your RAM. If you have a lot, then as I mentioned before, you can actually run very happily without one, with the performance and security benefits that will bring, and therefore not needing this ES.
Install the ES.
As for general peace of mind you can Reboot and then Securely wipe out the SPF as above, and then Reboot again whenever you require.
The App uses some very well-thought-of methods of encryption.
Information on the algorithms implemented in CryptoSwap can be found
here:
http://www.ssh.fi/support/cryptography/algorithms/symmetric.html
(AES, Twofish, Blowfish)
http://vipul.net/gost/ (GOST)
Phosphor
WWW: http://geocities.com/phosphor2013/list.htm
Info
Windows 9x/ME specific:
The encryption driver is now secure. The driver used in the
official releases of BestCrypt is deprecated. (See further comments
below.)
[+] It is no longer necessary to wipe the swap file once after
activating CryptoSwap for the first time. When Windows reboots after
activating CryptoSwap Guerilla, the space that Windows reserves for
the swap file is now cleared as well as encrypted.
Windows ME specific:
[+] Setup will give you the option of automatically creating a System
Restore Point.
Windows 2K/NT/XP specific:
[+] Setup will enable the Windows security feature for overwriting
the pagefile upon every shutdown. If you wish to disable this
feature, double-click the included file named "disableswapwipe.reg"
located in the main directory.
StevieO
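Two settings keep coming up in this thread: a pagefile fixed to one size and location, and the Windows option the CryptoSwap setup enables that overwrites the pagefile at every shutdown. The following PowerShell audit is an added example, not code from the thread or from CryptoSwap; it assumes a current Windows host with PowerShell 3.0 or later and reads the ClearPageFileAtShutdown registry value that the shutdown-wipe feature is stored under.

```powershell
# Added example, not from the thread or CryptoSwap: audit the pagefile settings
# the thread discusses. Run from an elevated PowerShell (3.0+) on Windows.
$MemMgmt = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-PagefileAudit {
    # ClearPageFileAtShutdown = 1 makes Windows zero the pagefile on a clean
    # shutdown only; a crash or power loss leaves the last contents on disk.
    $clear = (Get-ItemProperty -Path $MemMgmt -Name ClearPageFileAtShutdown `
              -ErrorAction SilentlyContinue).ClearPageFileAtShutdown
    $auto  = (Get-CimInstance -ClassName Win32_ComputerSystem).AutomaticManagedPagefile
    $files = @(Get-CimInstance -ClassName Win32_PageFileSetting)

    if ($auto -or $files.Count -eq 0) {
        # System-managed: size and location can change, so there is no fixed footprint.
        return [pscustomobject]@{
            Pagefile        = '(system managed)'
            FixedSize       = $false
            ClearAtShutdown = ($clear -eq 1)
        }
    }
    foreach ($f in $files) {
        [pscustomobject]@{
            Pagefile        = $f.Name
            InitialMB       = $f.InitialSize
            MaximumMB       = $f.MaximumSize
            # A fixed size (min == max) is what the thread recommends, so the file
            # does not grow or move and a wipe covers the whole thing.
            FixedSize       = ($f.InitialSize -gt 0 -and $f.InitialSize -eq $f.MaximumSize)
            ClearAtShutdown = ($clear -eq 1)
        }
    }
}

function Enable-ClearPagefileAtShutdown {
    # Turns on the shutdown wipe the CryptoSwap installer enables; needs admin
    # rights and a reboot before it takes effect.
    Set-ItemProperty -Path $MemMgmt -Name ClearPageFileAtShutdown -Value 1 -Type DWord
}

Get-PagefileAudit | Format-Table -AutoSize
```

The audit reports a pass only for a fixed-size file with the shutdown wipe enabled; as the thread notes further down, that wipe still depends on a clean shutdown, which is the gap a per-session encryption key closes.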
Pollmaster
October 6th, 2005, 12:19 AM
Yes, it does seem a little less trustworthy than Eraser, because it is lesser known, it is closed source and is hosted on a mere Geocities site. But googling around shows it's not exactly unknown.
{QUOTE-> How do I erase Paging (swap) file?
Under General options click 'Erase swapfile on shutdown'.
<-QUOTE}
I know there's an option to erase the swap file for eraser, as opposed to using the default windows method, but I have a silly question. Does Eraser.exe have to be running for this to work?
It occurs to me one of the advantages of encrypting swap files on the fly as opposed to clearing them only on shutdown is that if your system doesn't shut down properly (BSOD or whatever), the swap file probably still exists.
On the other hand, for the encrypted swap file, each time the driver boots up it uses a different session key, so even if your computer doesn't shut down properly the swap file is still secure.
{QUOTE-> Set the SPF to a fixed Max/Min size, whatever you like depending on the amount of RAM you have, MIN usually 1 1/2 times your RAM. If you have a lot, then as I mentioned before, you can actually run very happily without one, with the performance and security benefits that will bring, and therefore not needing this ES.
<-QUOTE}
Personally, a lot of sites and the FAQ recommend minimum/max to be the same, to fix the swap file size and location.
StevieO
October 6th, 2005, 12:38 AM
Hi PM,
Yes, that's exactly what I meant when I said "Set the SPF to a fixed Max/Min size": the SAME size for both, as I mentioned in the other thread about this.
Regarding the BSOD/Crash type issues, I'm not 100% certain if the SPF is at a fixed location on the HD; if it is then just cleaning it again will do the trick!
If you Wipe your Clusters and also Defrag often that will help too.
StevieO
pollgone
October 6th, 2005, 12:43 AM
{QUOTE-> Hi PM,
Yes, that's exactly what I meant when I said "Set the SPF to a fixed Max/Min size": the SAME size for both, as I mentioned in the other thread about this.
Regarding the BSOD/Crash type issues, I'm not 100% certain if the SPF is at a fixed location on the HD; if it is then just cleaning it again will do the trick!
If you Wipe your Clusters and also Defrag often that will help too.
StevieO <-QUOTE}
Yes. Wiping clusters and defrag will help but they are slow.
The scenario I'm thinking of is that your system is shut down improperly, but it just happens that the very next time it is turned on, it is seized, so you don't have time to wipe clusters and all that.
Encrypting your swap file seems to be a superior solution since it is immune to that problem.