Encrypting your swap file

Discussion in 'privacy technology' started by Pollmaster, Oct 5, 2005.

Thread Status:
Not open for further replies.
  1. Pollmaster

    Pollmaster Guest

    Is there any advantage to encrypting your swap file on the fly, as opposed to wiping it on every shutdown as per XP/2k options?

    I know the best is to have no swap file, but on machines like mine, overburdened with all the latest defensive tech tools, that's not really feasible unless I up my RAM to 1 GB.

    I noticed a freeware option that encrypts your swap file from one of our guest postings...

    http://www.geocities.com/phosphor2013/csgreadme.txt

    HOW CRYPTOSWAP WORKS
    ====================

    (The foregoing is adapted from the official documentation.)

    CryptoSwap loads a low-level driver at Windows startup, before
    Windows runs its virtual memory support mechanism and initializes the
    swap file.

    Upon initialization, the driver generates a random encryption key
    that is unique to the current Windows session. The encryption key is
    never written to disk, but held in RAM until the computer is shut
    down or rebooted.

    The CryptoSwap driver intercepts all filesystem operations, such as
    open/close, read/write file, etc., detects requests to the swap file,
    and encrypts data buffers when Windows writes something to the swap
    file. When Windows reads data from or writes data to the swap file,
    CryptoSwap encrypts and decrypts it on the fly, so that each
    operation is performed automatically and transparently.
     
  2. Beef

    Beef Guest

    A swapfile can grow large over time if not cleaned.........would it not REMAIN large if only encrypted but never cleaned?
    If I am understanding you correctly......the encrypted Swapfile would remain hanging around.......since Swapfiles have been known to land people in jail..............and encryption has been known to be broken......your question suddenly becomes more complicated...........what is the encryption strength......etc.......can the computer maintain an ever growing Swapfile.........(most computers can) but what would be the purpose?
    Would be interested in seeing what other posters' comments are.
     
  3. Beef

    Beef Guest

    Copied and paste:

    It is no longer necessary to wipe the swap file once after
    activating CryptoSwap for the first time. When Windows reboots after
    activating CryptoSwap Guerilla, the space that Windows reserves for
    the swap file is now cleared as well as encrypted.

    Ok, that statement confuses me......if the space is cleared then what is left to encrypt?
    Is this person trying to say that the space is cleared AND ANY FUTURE INFORMATION IS ENCRYPTED? If so...and the space is cleared....then what's the point of encryption? Why not just clean the swapfile and do a secure wipe?
     
  4. Pollmaster

    Pollmaster Guest

    No. A swap file is set to a certain size only, which you can control. You are confusing them with index.dat files and/or browser cache files, I think.

    The implementation gives a choice between AES (256-bit key), Blowfish (448-bit key), Twofish (256-bit key), etc. All of them are solid choices. I seem to recall the newest directives allow secret and maybe even top secret US documents to be encrypted with AES (can't remember the key sizes though), so my guess is it's basically secure enough, unless you need more security than the US government.

    The main advantage of encrypting versus cleaning, I guess, is that it speeds up shutdown times.
     
  5. Pollmaster

    Pollmaster Guest

    The FAQ is kind of confusing, and is divided into 2 parts for 98/ME and XP/2K sections. You seem to have quoted the 98/ME part.

    Honestly, I'm not sure what he's trying to say either. My best guess is the same as yours. In 98/ME, you just run CryptoSwap; it will automatically handle the existing prior swap file by filling it with random details,

    The answer to your last question is Paranoia. The FAQ points out that you don't really need to wipe your swap file if you encrypt it every session, but some people will still try to wipe it anyway.

    Then I get completely lost in what it's trying to say.

    I'm also not certain if it's trying to give instructions on handling the last swap file BEFORE you encrypt it. In 98/ME it seems you don't have to wipe the last swap file, but in win2k/xp you have to.

    The way I intend to do it is as follows

    1. I reduce the swap file to zero size, reboot

    2. Use Eraser to wipe out the unused space.

    3. Set a swap file. Then set cryptoguerilla to encrypt it. Then reboot.

    I'm kind of confused myself, wheresthebeef, I'm hoping some expert will explain it to me or confirm my understanding.
     
  6. Beef

    Beef Guest

    PM

    The way you will do it....would be the same as I would if using the program..............can't see how a person could go wrong that way.

    But honestly....check out what type of encryption is used......a poor encryption is no encryption....seriously! (of course you know that already)

    To be totally honest I trust eraser much more than I would this program. But can also understand your security minded attitude......when it comes to cleaning...wiping....encryption.....the more good programs the merrier.........
    People never give the swapfile the attention it should get......it's a major hole......and more than one person "tells on himself" by the swapfile.
    LOL...how ironic that people spend tons of money for cleaners that won't even touch the swapfiles.........
    Best of luck on this PM.......let us know..if you will..how this adventure turns out.........I am most interested
     
  7. StevieO

    StevieO Guest

    Hi,

    I've DL'd the Encryption Software and info etc, but if I do install it then it will be on a spare PC for safety testing, always wise I think!

    Here's how I would do it, but see the remarks below from the author.

    Wipe the existing Swap/Paging File with as many Secure passes as you like and Reboot.

    Set the SPF to a fixed Max/Min size, whatever you like depending on the amount of RAM you have, MIN usually 1 1/2 times your RAM. If you have a lot, then as I mentioned before, you can actually run very happily without one, with the performance and security benefits that will bring, and therefore not needing this ES.

    Install the ES.

    As for general peace of mind you can Reboot and then Securely wipe out the SPF as above, and then Reboot again whenever you require.

    The App uses some very well thought-of methods of encryption.

    Information on the algorithms implemented in CryptoSwap can be found
    here:

    http://www.ssh.fi/support/cryptography/algorithms/symmetric.html
    (AES, Twofish, Blowfish)

    http://vipul.net/gost/ (GOST)

    Phosphor
    WWW: http://geocities.com/phosphor2013/list.htm

    Info

    Windows 9x/ME specific:

    [*] The encryption driver is now secure. The driver used in the
    official releases of BestCrypt is deprecated. (See further comments
    below.)

    [+] It is no longer necessary to wipe the swap file once after
    activating CryptoSwap for the first time. When Windows reboots after
    activating CryptoSwap Guerilla, the space that Windows reserves for
    the swap file is now cleared as well as encrypted.

    Windows ME specific:

    [+] Setup will give you the option of automatically creating a System
    Restore Point.

    Windows 2K/NT/XP specific:

    [+] Setup will enable the Windows security feature for overwriting
    the pagefile upon every shutdown. If you wish to disable this
    feature, double-click the included file named "disableswapwipe.reg"
    located in the main directory.

    StevieO
     
  8. Pollmaster

    Pollmaster Guest

    Yes, it does seem a little less trustworthy than Eraser, because it is lesser known, it is closed source and is hosted on a mere Geocities site. But Googling around shows it's not exactly unknown.

    I know there's an option to erase the swap file for eraser, as opposed to using the default windows method, but I have a silly question. Does Eraser.exe have to be running for this to work?

    It occurs to me one of the advantages of encrypting swap files on the fly as opposed to clearing them only on shutdown is that if your system doesn't shut down properly (BSOD or whatever), the swap file probably still exists.

    On the other hand, for the encrypted swap file, each time the driver boots up it uses a different session key, so even if your computer doesn't shut down properly the swap file is still secure.

    Personally, a lot of sites and the FAQ recommend the minimum and maximum be the same, to fix the swap file's size and location.
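The mechanism quoted from the CryptoSwap documentation in the first post (a random key generated at start-up and held only in RAM, every write to the swap file encrypted and every read decrypted transparently, the reserved space cleared as well as encrypted) and the point made in the post just above about unclean shutdowns (a different session key each boot, so whatever is left in the file after a BSOD cannot be read) can both be seen in the toy model below. It is an added example written for this thread, not CryptoSwap's driver code and not from any poster; it assumes a small in-memory "swap device" with 64-byte pages, an HMAC-SHA256 counter-mode keystream standing in for the AES/Twofish/Blowfish block cipher the real driver offers, and constructed sample data, all of which are assumptions of the example.

```python
import hashlib
import hmac
import secrets

PAGE_SIZE = 64  # constructed: a real x86 page is 4096 bytes; kept small for the demo


def keystream(key: bytes, nonce: bytes, page_no: int, generation: int, length: int) -> bytes:
    """Counter-mode keystream from a PRF: HMAC-SHA256(key, nonce||page||generation||block).
    Stands in for the AES/Twofish/Blowfish block cipher a real driver would use."""
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = (nonce + page_no.to_bytes(8, "big")
               + generation.to_bytes(8, "big") + block.to_bytes(4, "big"))
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SwapDevice:
    """The swap file on disk: whatever lands here survives reboots and crashes."""

    def __init__(self, pages: int) -> None:
        self.pages = pages
        self.buf = bytearray(PAGE_SIZE * pages)

    def raw_read(self, page_no: int) -> bytes:
        start = page_no * PAGE_SIZE
        return bytes(self.buf[start:start + PAGE_SIZE])

    def raw_write(self, page_no: int, data: bytes) -> None:
        if len(data) != PAGE_SIZE:
            raise ValueError("raw writes are whole pages")
        start = page_no * PAGE_SIZE
        self.buf[start:start + PAGE_SIZE] = data


class SwapSession:
    """Models the driver for one boot. The key exists only in this object (RAM):
    generated at start-up, gone when the session ends or the machine crashes."""

    def __init__(self, device: SwapDevice, clear_on_boot: bool = True) -> None:
        self.device = device
        self.key = secrets.token_bytes(32)    # fresh per session, never written to disk
        self.nonce = secrets.token_bytes(16)
        self.generation = {}                  # per-page write counter (RAM only): a rewrite gets a new keystream
        if clear_on_boot:
            # "cleared as well as encrypted": overwrite the reserved area with encrypted
            # empty pages so plaintext left by an earlier, unencrypted boot is destroyed
            for page_no in range(device.pages):
                self.write_page(page_no, b"")

    def write_page(self, page_no: int, plaintext: bytes) -> None:
        if len(plaintext) > PAGE_SIZE:
            raise ValueError("page too large")
        gen = self.generation.get(page_no, 0) + 1
        self.generation[page_no] = gen
        padded = plaintext.ljust(PAGE_SIZE, b"\x00")
        ks = keystream(self.key, self.nonce, page_no, gen, PAGE_SIZE)
        self.device.raw_write(page_no, xor_bytes(padded, ks))

    def read_page(self, page_no: int) -> bytes:
        gen = self.generation.get(page_no, 0)
        ks = keystream(self.key, self.nonce, page_no, gen, PAGE_SIZE)
        return xor_bytes(self.device.raw_read(page_no), ks)


def demo() -> dict:
    """Walk through a boot, a write, a crash and the next boot; return what was observable."""
    dev = SwapDevice(pages=4)
    legacy = b"cleartext paged out last boot"          # constructed leftover from an unencrypted pagefile
    dev.raw_write(0, legacy.ljust(PAGE_SIZE, b"\x00"))

    s1 = SwapSession(dev)                               # boot 1: driver loads, clears, encrypts
    legacy_gone = legacy not in bytes(dev.buf)

    secret = b"mail password: correct horse"            # constructed data Windows pages out
    s1.write_page(1, secret)
    round_trip = s1.read_page(1).rstrip(b"\x00") == secret
    secret_on_disk = secret in bytes(dev.buf)           # what a raw read of the file shows
    first_ciphertext = dev.raw_read(1)
    s1.write_page(1, secret)                            # same page, same data, written again
    rewrite_differs = dev.raw_read(1) != first_ciphertext

    del s1                                              # BSOD: no shutdown, no wipe, key lost
    s2 = SwapSession(dev, clear_on_boot=False)          # boot 2 under a new key, old bytes untouched
    new_session_garbage = secret not in s2.read_page(1)
    return {
        "legacy_gone": legacy_gone,
        "round_trip": round_trip,
        "secret_on_disk": secret_on_disk,
        "rewrite_differs": rewrite_differs,
        "new_session_garbage": new_session_garbage,
    }
```

Calling `demo()` returns five observations: the old cleartext is destroyed when the first session clears the space, the session itself reads its own pages back correctly, a raw read of the file never contains the secret, rewriting the same page yields different bytes (the RAM-held per-page counter feeds the keystream, so a stream cipher is not reused on the same page), and after the simulated crash the next boot's key turns the leftover ciphertext into noise. The `clear_on_boot=False` session exists only to make that last point visible; a driver that clears on every boot, as the quoted documentation describes, leaves even less behind.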
     
  9. StevieO

    StevieO Guest

    Hi PM,

    Yes, that's exactly what I meant when I said "Set the SPF to a fixed Max/Min size": the SAME size for both, as I mentioned in the other thread about this.

    Regarding the BSOD/Crash type issues, I'm not 100% certain if the SPF is at a fixed location on the HD; if it is, then just cleaning it again will do the trick!

    If you Wipe your Clusters and also Defrag often that will help too.

    StevieO
     
  10. pollgone

    pollgone Guest

    Yes. Wiping clusters and defrag will help but they are slow.

    The scenario I'm thinking of is that your system is shut down improperly, but it just happens that the very next time it is turned on, it is seized, so you don't have time to wipe clusters and all that.

    Encrypting your swap file seems to be a superior solution since it is immune to that problem.
     