I came across this setting called ClearPageFileAtShutdown. The setting is described here and says:
If you are truly worried about security, boot Windows off a fully-encrypted drive. Then you needn't worry about your sensitive data being unencrypted in the paging file.
Basically, it implies that the paging file, even if it resides in an encrypted partition, is not safe--the drive must be fully encrypted for it to be safe.
Is this true? How would the paging file (or any file in general) "leak" out of the encrypted partition where it resides? My understanding is that data in memory is stored on RAM and if RAM is full, it is stored in the paging file on the encrypted partition that I specified the paging file to be in--I don't see how this data can be exposed (unencrypted).
This topic is particularly important to me because I dual-boot Windows and Linux and I encrypt the former with VeraCrypt and the latter with dm-crypt on an SSD--the remaining space is unencrypted unallocated data (which, as far as I'm concerned, is not a security issue, but based on the article above, it is).
Thanks.
It appears to say that a page file on an encrypted partition is safe, according to your own quote... at least as safe as the encrypted partition. As long as you're not keeping the passphrase on disk and auto-mounting it at boot – Xen2050 – 2016-01-25T07:03:45.820
Note: this was crossposted at the Information Security Stack Exchange site. – Suma – 2019-10-04T06:57:24.010