[dm-crypt] DM-Crypt resistance against Cold Boot Attacks

Milan Broz mbroz at redhat.com
Thu May 19 09:05:10 CEST 2011


On 05/18/2011 11:53 PM, Yves-Alexis Perez wrote:
> If you read the paper, you'll notice there's nothing to change to
> dm-crypt, as the cypher is registered in the Crypto-API, it can be used
> directly.

TBH dmcrypt keeps its own copy of the key (because the key is still part
of the device-mapper mapping table, so it must be available for
status commands).

So there are some changes needed but basically technically unrelated
to that patch.
(This will hopefully change with new mapping table format soon.)

Anyway, it must be accepted into kernel crypto layer first.

IMHO I think that without strong hw support these implementations
will have some problems but it is good that someone works on such
things.
(E.g. how it works if it is not bare hw but virtualized system?)

Milan
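
The point above about the key being part of the mapping table, as an added example that is not part of the original message or of dm-crypt: a Python parser that reads lines in the `dmsetup table --showkeys` layout and reports, per crypt mapping, whether the table carries raw hex key material or the keyring reference form (`:size:type:description`) that later kernels accept. Mapping names, keys and device numbers are constructed.

```python
import re

HEX_KEY = "00112233445566778899aabbccddeeff" * 2  # constructed 256-bit key
ZERO_KEY = "0" * 64  # dmsetup prints zeros for the key unless --showkeys is given

# Constructed lines in the layout of `dmsetup table --showkeys`:
# <name>: <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset>
SAMPLE_TABLE = f"""\
cryptroot: 0 41940992 crypt aes-xts-plain64 {HEX_KEY} 0 8:2 4096
cryptdata: 0 83881984 crypt aes-xts-plain64 :64:logon:cryptsetup:constructed-d0 0 8:3 4096
masked: 0 2097152 crypt aes-cbc-essiv:sha256 {ZERO_KEY} 0 8:4 0
vg-home: 0 2097152 linear 8:5 2048
"""

def classify_key(field):
    """Return (kind, key_bits) for the key field of a crypt target line."""
    if field == "-":                      # target configured without a key
        return ("none", 0)
    if field.startswith(":"):             # :<key_size_bytes>:<type>:<description>
        parts = field.split(":", 3)
        if len(parts) == 4 and parts[1].isdigit():
            return ("keyring-ref", int(parts[1]) * 8)
        return ("malformed", 0)
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", field):
        kind = "all-zero" if set(field) == {"0"} else "raw-hex"
        return (kind, len(field) * 4)     # 4 bits per hex digit
    return ("malformed", 0)

def audit(table_text):
    """List (name, cipher, key_kind, key_bits) for every crypt target found."""
    findings = []
    for line in table_text.splitlines():
        tokens = line.split()
        if tokens and tokens[0].endswith(":"):
            name, tokens = tokens[0][:-1], tokens[1:]
        else:
            name = "(unnamed)"            # single-device output has no name prefix
        if len(tokens) < 8 or tokens[2] != "crypt":
            continue                      # not a crypt target (e.g. linear)
        kind, bits = classify_key(tokens[4])
        findings.append((name, tokens[3], kind, bits))
    return findings

if __name__ == "__main__":
    # Report only the key form and size; the key itself is never printed.
    for name, cipher, kind, bits in audit(SAMPLE_TABLE):
        print(f"{name:10} {cipher:22} {kind:12} {bits} bits")
```

A `raw-hex` result means the key bytes themselves are held as part of the mapping table, which is the copy the message refers to.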

