[dm-crypt] Quick dm-crypt questions

Arno Wagner arno at wagner.name
Wed Oct 29 17:21:29 CET 2014


FAQ Item 6.10 should also apply to AES-NI, AFAIK. 
I do not have an AES-NI capable system though to
test that.

I think this whole idea of storing keys in cache
was some demo at some conference, but is not fit for
practical deployment, as CPUs are too different.

Arno 



On Wed, Oct 29, 2014 at 16:46:10 CET, Ingo Schmitt wrote:
> 
> On 10/29/14 15:59, * wrote:
> > If an attacker has access on that level, they can probably just do
> > a memory-freeze attack or a fire-wire attack. Remember that 
> > disk encryption does not protect data while the system is running
> > and has the data decrypted. 
> 
> I thought, AES NI makes cold boot attacks almost impossible because
> the master key will be held in CPU's cache and not in system RAM.
> 
> Since I read that mail thread, I'm not sure about that anymore.
> 
> Pls enlighten me ;)
> 
> -- 
> -- \__________________________________________________
> ingo.schmitt at binarysignals.net - GnuPG ID: 0xAFD687D2 |
> FP: 7418 77A6 4B59 AF90 4A11 1CCE 91C9 FF1B AFD6 87D2 |
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

