Richard Zidlicky wrote:
> Hi,
>
>> As a reaction to this "attack" I wonder if it might be possible to
>> use level 2 cache of the processor to store keys in highly volatile
>> memory space. 2 or more megabytes on the CPU die might be a last
>> resort. As gpg prevents leaking keys from kernel ram to swap
>> partitions, newer disk encryption might prevent keys from being stored
>> in DRAM cells. Of course, elderly processors might not do this
>> stunt due to lack of level 1/2/3 cache but newer architectures
>> offer ever increasing megabytes. Is that a worthwhile option?
>
> there is another option that is well doable with today's technology.
> On a multi-CPU machine run a dedicated noninterruptible kernel
> thread on one of the cores which keeps essential parts of the key in
> CPU registers at all times.
>

I'm curious how you would account for the key schedule information and other sensitive information.

> Using some of the coprocessors would be another interesting idea but
> much less portable.

Yes, it is less portable but it is tamper resistant and specifically designed to thwart many types of attacks.

Regards,
Jacob Appelbaum

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
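The key-schedule objection above is concrete for AES: the 16-byte key expands to 176 bytes of round keys, and any one round key can be walked back to the master key, so a register-resident key buys nothing if the schedule stays in DRAM. The following C is an added example written for this edit, not code from the thread or from any of the projects mentioned; it implements the FIPS-197 AES-128 key expansion and its inverse, and the function and variable names are the editor's own.

```c
#include <stdint.h>
#include <string.h>
static uint8_t sbox[256];
static const uint8_t RCON[10] = {0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1B,0x36};
/* Build the AES S-box at runtime: walk GF(2^8) with generator 3 and its inverse, then apply the affine map. */
static void init_sbox(void) {
    uint8_t p = 1, q = 1;
    do {
        p = p ^ (p << 1) ^ (p & 0x80 ? 0x1B : 0);                          /* p *= 3 */
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q ^= q & 0x80 ? 0x09 : 0;   /* q /= 3 */
        uint8_t x = q ^ (q << 1 | q >> 7) ^ (q << 2 | q >> 6) ^ (q << 3 | q >> 5) ^ (q << 4 | q >> 4);
        sbox[p] = x ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;
}
/* FIPS-197 KeyExpansion step for the word at byte offset i: every 4th word gets RotWord, SubWord and Rcon. */
static void schedule_word(const uint8_t prev[4], uint8_t t[4], int i) {
    memcpy(t, prev, 4);
    if (i % 16 == 0) {
        uint8_t a = t[0];
        t[0] = sbox[t[1]] ^ RCON[i / 16 - 1]; t[1] = sbox[t[2]]; t[2] = sbox[t[3]]; t[3] = sbox[a];
    }
}
/* Forward schedule: a 16-byte key expands to 176 bytes of round keys, every byte as sensitive as the key. */
void aes128_expand(const uint8_t key[16], uint8_t rk[176]) {
    init_sbox(); memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4]; schedule_word(rk + i - 4, t, i);
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ t[j];
    }
}
/* Inverse schedule: the last round key alone is enough to walk back to the original key. */
void aes128_recover(const uint8_t last_rk[16], uint8_t key[16]) {
    uint8_t rk[176]; init_sbox(); memcpy(rk + 160, last_rk, 16);
    for (int i = 172; i >= 16; i -= 4) {
        uint8_t t[4]; schedule_word(rk + i - 4, t, i);  /* rk[i-4] is already known by this iteration */
        for (int j = 0; j < 4; j++) rk[i - 16 + j] = rk[i + j] ^ t[j];
    }
    memcpy(key, rk, 16);
}
/* Returns 1 if the expansion matches FIPS-197 A.1 (w[4] = a0fafe17) and round key 10 alone yields the key. */
int demo_schedule_leaks_key(void) {
    static const uint8_t key[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t w4[4] = {0xa0,0xfa,0xfe,0x17};
    uint8_t rk[176], recovered[16];
    aes128_expand(key, rk);
    aes128_recover(rk + 160, recovered);   /* uses only the last 16 bytes of the schedule */
    return memcmp(rk + 16, w4, 4) == 0 && memcmp(recovered, key, 16) == 0;
}
```

The practical consequence for a register-only design is that the round keys must either live in registers too or be recomputed from the key for every block and never written out, since a single surviving round key is equivalent to the key itself.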