On 23.05.2008 07:57, Phil wrote:
> To clarify: My understanding of key scrubbing in
> loop-aes is it is designed to prevent burn in as
> described in the Guttmann paper, which has not yet
> been shown to be a practical threat at any rate.
> Unlike the so-called "cold boot" attack, which can be
> defeated if keys in memory are overwritten after use.
>
> So just quit X and run THC's smem utility (from their
> secure_delete sources) as root after unmounting an
> encrypted partition. Poof, all of free memory gets
> overwritten. No more keys in memory to recover.

To Jari: I guess loop-AES destroys/nulls the key-material when the loop is detached?

So (I guess):
- A `losetup`ed loop is vulnerable. (Mounted or not. In most cases 'losetup'ed includes mounted, but that isn't a requirement)
- After detaching the loop everything is fine

See you then

--
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/