4

I've got Ubuntu 14.04 Desktop and I use Truecrypt to store my confidential files. I've read that since Truecrypt does on the fly encryption, it only stores its decrypted content (and user's password and his keyfile I would think?) in RAM. If it's all true, then does that mean that even if I don't encrypt my swap, there's no risk that my data stored in a Truecrypt container (and my password and a keyfile too?) would end up on a swap partition in an unencrypted form?

Gregory
  • 83
  • 3

2 Answers

3

Generally, if you have any encrypted storage, then you should encrypt your swap. This goes for any encryption system, not just TrueCrypt. The data of any program can end up in swap, including programs that manipulate the confidential data. The kernel chooses what data it puts in the swap based on access frequency; it doesn't know what part of the data is more confidential.

TrueCrypt itself does request that the operating system give it memory that's locked in RAM and can't be swapped. I think it doesn't refuse to operate if the OS isn't willing to give it enough RAM though, so this behavior isn't guaranteed. And even if it were, that wouldn't help: the programs manipulating the confidential data would not have such a protection. For example, if you run an editor on a file in the TrueCrypt partition, the editor's memory may get swapped.

You should also make sure that all locations where temporary data is stored are encrypted. On Linux, this includes /tmp (there's also /var/tmp, but its usage is explicit, whereas just any program might end up using /tmp). Many modern Linux systems, including Ubuntu 14.04, put temporary files under /run, which is always in memory (virtual memory, that is: it can get swapped), but some applications hard-code /tmp. Other common locations where temporary data might end up include /var/spool/cups (printer spooler, if you print a confidential document), /var/spool/mail (incoming mail), /var/spool/postfix (outgoing mail, with Postfix — adapt the directory name if using a different MTA), ~/.cache.

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
1

This is more a Linux question. Since Truecrypt runs as a userspace program it has no control over its memory pages, i.e. it leaves the memory management to the kernel.

The kernel is never told that the memory pages that Truecrypt is using are confidential; therefore it may place the pages in swap. And Truecrypt will never be told that its pages are swapped out. For the userspace process (Truecrypt), virtual memory is just virtual memory, and it does not matter if it is currently in the RAM chip or on swap.

Therefore no, if you do not encrypt your swap partition and use Truecrypt, your keys (passwords after some kind of PBKDF) are not safe. If a key happens to be in the memory that got swapped out, it can be read from disk.

Do a cat /proc/swaps and perform sudo swapoff <partition or file> for every available swap space before running Truecrypt (or, preferably, use an encrypted swap).

(I'm talking about a userspace process because that is different from cryptsetup, which works as a kernel module and protects its memory pages from being swapped.)

Extra note

Truecrypt is not receiving any more updates since May 2014 (as it says on the main page of the project). You should seriously consider a different tool for the encryption of your files. Some options are:

  • Veracrypt is very similar to (and even based on) Truecrypt.
  • cryptsetup is available on every Linux distro (and you are using Ubuntu), although it requires the use of loop devices.
  • tomb is a script that uses cryptsetup together with gnupg and abstracts out the use of loop devices.
grochmal
  • 5,677
  • 2
  • 19
  • 30
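The check the answer above describes (look at /proc/swaps, then swapoff or encrypt whatever is listed), as an added example that is not part of the original post: a Python script that parses /proc/swaps and reports which active swap spaces sit on a dm-crypt mapping. It assumes the Linux sysfs layout (/sys/class/block/dm-N/dm/uuid) and cryptsetup's "CRYPT-" device-mapper UUID prefix; the /proc/swaps content and sysfs values below are constructed sample data, not captured from a real host.

```python
import os

# Constructed sample in /proc/swaps format; not captured from a real host.
SAMPLE_PROC_SWAPS = (
    "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
    "/dev/sda5                               partition\t4194300\t0\t-1\n"
    "/swapfile                               file\t\t2097148\t0\t-2\n"
    "/dev/dm-1                               partition\t8388604\t0\t-1\n"
)
# Constructed stand-in for sysfs. cryptsetup tags its device-mapper
# mappings with a UUID starting "CRYPT-", which is what we look for.
SAMPLE_SYSFS = {"/sys/class/block/dm-1/dm/uuid": "CRYPT-PLAIN-cryptswap1\n"}

def parse_proc_swaps(text):
    """Return [(filename, type), ...] from text in /proc/swaps format."""
    entries = []
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1]))
    return entries

def classify_swap(path, swap_type, read_file, realpath=os.path.realpath):
    """Classify one swap entry as 'dm-crypt', 'plain' or 'file'."""
    if swap_type == "file":
        return "file"   # only as protected as the filesystem holding it
    name = os.path.basename(realpath(path))      # /dev/mapper/x -> dm-N
    if not name.startswith("dm-"):
        return "plain"                           # raw partition, no dm layer
    try:
        uuid = read_file("/sys/class/block/%s/dm/uuid" % name)
    except OSError:
        return "plain"
    return "dm-crypt" if uuid.startswith("CRYPT-") else "plain"

def audit_swaps(proc_swaps_text, read_file, realpath=os.path.realpath):
    """Map every active swap space to its classification."""
    return {path: classify_swap(path, typ, read_file, realpath)
            for path, typ in parse_proc_swaps(proc_swaps_text)}

def unencrypted_swaps(report):
    """Entries that still need 'swapoff' or conversion to encrypted swap."""
    return sorted(p for p, kind in report.items() if kind != "dm-crypt")

def _sample_read(path):
    if path in SAMPLE_SYSFS:
        return SAMPLE_SYSFS[path]
    raise OSError(path)

def sample_report():
    """Run the audit on the constructed sample instead of the live host."""
    return audit_swaps(SAMPLE_PROC_SWAPS, _sample_read, realpath=lambda p: p)

if __name__ == "__main__":
    with open("/proc/swaps") as fh:   # live host: read real /proc and /sys
        live = audit_swaps(fh.read(), lambda p: open(p).read())
    for path, kind in live.items():
        print(path, kind)
    print("needs attention:", unencrypted_swaps(live))
```

On the sample, /dev/dm-1 is reported as dm-crypt while /dev/sda5 and /swapfile are flagged; a swap file is listed separately because its safety depends on whether the filesystem holding it is itself on dm-crypt.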