IT2 Stuart Blake Tener, USNR wrote:
> Mr. Applebaum:
>
> Are you now suggesting that loop-aes has now been subverted in some manner?

Our paper is clear. Using general purpose memory for keying material is not as safe as we'd all like. Depending on the time you decide to make an acquisition of memory contents, you'll likely catch keying material in memory regardless of software countermeasures.

This is not specific to loop-aes. I just happened to run our tools against some loop-aes memory images and I found many AES key schedule candidates.

To be clear: I did not perform decryption tests against loop-aes disks with the keying material I found. The loop-aes code isn't as easy to patch for use with discovered keys as say - dm-crypt's user space tools. It should be possible to do it in short order though if someone were so inclined.

Regards,
Jacob Appelbaum

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/