Unweitze wrote: > * Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> [2007-05-16 07:53:31 +0300]: > > Key scrubbing, as enabled by KEYSCRUB=y make command line parameter, > > currently only works for AES cipher. It has no effect on twofish, serpent, > > and blowfish ciphers. > > Ouch! Is there a way to keyscrub outside the modules' function, then, or is > reencryption to aes the only way to get RAM keyscrubbing functionality? Currently, the only way is to re-encrypt to AES. Adding key scrubbing to other ciphers would need significant re-writing of those implementations. Implementation would need to keep two copies of each key, one of which holds 'correct' bit pattern, and the other one holds 'inverted' bit pattern. All bits in both RAM areas are then inverted once a second, and implementation keeps track of which RAM area is the correct one at any given time. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
