Tor uses swap?

Gregory Maxwell gmaxwell at
Tue Jan 4 15:13:00 UTC 2011

OT, I know, but this is information that all tor node operators should have.

On Tue, Jan 4, 2011 at 8:25 AM,  <andre76 at> wrote:
> I sure would LOVE to know an easy way to encrypt my swap.  My plan had
> been to do a fresh reinstallation of Ubuntu 10.04 on my dual-boot
> machine but I got to the "encrypt the disk" portion of the installation
> using Alternate CD and quit.  There were too many questions or settings
> that I had no idea what to enter.

If you have a separate swap partition it is very easy to encrypt it on
all GNU/Linux systems.

If you use an ephemerally keyed swap you don't even have to provide a
password at boot— it will use a new random key at every reboot.

First edit /etc/crypttab, and add a line (or create the file):

swap /dev/sda9 /dev/urandom swap,cipher=aes-lrw-plain,size=256

(replace "sda9" with the name of your swap device, "swapon -s" will
tell you. It is important that you get this right.)

Then edit /etc/fstab and change the swap line to

/dev/mapper/swap        swap                    swap    defaults        0 0

Reboot and your swap will be encrypted (cryptsetup status swap will
give you information on the volume).
To unsubscribe, send an e-mail to majordomo at with
unsubscribe or-talk    in the body.

More information about the tor-talk mailing list