Exactly. It's quite possible to set it up right now using Linux and the loopback device. At least if it is possible to swap to it.
Just have two equally sized swap devices.
1> Set the key for the first device, and enable it.
2> Wait for one hour or so.
3> Set the key for the second device, enable it.
4> Disable the first device, and clear the key.
5> Wait one hour or so.
6> Go to 1.
It might induce some disk thrashing, though, but it's the only safe way I can see. This limits the time you can steal data from the swap device to 2 hours even if you steal each and every key that is ever used.
Not that this really belongs in a Pike developers forum any more. :-)
/ Per Hedbor ()
Previous text:
2003-01-28 14:33: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
And encrypted swap ought to be easier, because key management is trivial: Generate a random key, use it for a while, destroy it some time later. No need to store it or send it around. No passwords the user must remember. Etc.
/ Niels Möller ()
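The two-device rotation with throwaway random keys discussed in this thread, as an added example that is not part of the original posts. It assumes dm-crypt through `cryptsetup` rather than the loopback device, treats both devices symmetrically (each new device is enabled before the other is retired), and uses the placeholder partitions `/dev/sdX2` and `/dev/sdX3`; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: rotate two encrypted swap devices with throwaway keys.
# Assumptions (not from the thread): dm-crypt via cryptsetup instead of the
# loopback device; /dev/sdX2 and /dev/sdX3 are placeholder partitions.
set -u
DEV_A=${DEV_A:-/dev/sdX2}     # two equally sized swap partitions
DEV_B=${DEV_B:-/dev/sdX3}
INTERVAL=${INTERVAL:-3600}    # "one hour or so", in seconds
DRY_RUN=${DRY_RUN:-1}         # 1 = print the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Map the device with a fresh key read straight from /dev/urandom (it is
# never stored anywhere), then format the mapping and start swapping to it.
enable_swap() {    # enable_swap <device> <mapping-name>
    run cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom "$1" "$2" &&
    run mkswap "/dev/mapper/$2" &&
    run swapon "/dev/mapper/$2"
}

# swapoff pulls every page off the old device first (this is where the extra
# disk traffic comes from); closing the mapping then discards its key.
disable_swap() {   # disable_swap <mapping-name>
    run swapoff "/dev/mapper/$1" &&
    run cryptsetup close "$1"
}

# Bring the new device up before retiring the old one, so swap is never
# unavailable; if the new device fails, the old one is left untouched.
rotate_step() {    # rotate_step <new-device> <new-name> [old-name]
    enable_swap "$1" "$2" || return 1
    if [ -n "${3:-}" ]; then disable_swap "$3" || return 1; fi
    run sleep "$INTERVAL"
}

rotate_forever() {
    rotate_step "$DEV_A" swapA || return 1
    while :; do
        rotate_step "$DEV_B" swapB swapA || return 1
        rotate_step "$DEV_A" swapA swapB || return 1
    done
}

# Real use, as root: DRY_RUN=0 sh rotate-swap.sh --loop
if [ "${1:-}" = "--loop" ]; then rotate_forever; fi
```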