Phil wrote: > --- Richard Zidlicky <rz@xxxxxxxxxxxxxx> wrote: > > .. perfectly feasible > > with much of todays stock hardware. On multicore > > systems all you need is > > a nonpreemptible kernel thread holding part of the > > key in its CPU registers. > > That way you do not have the keys in main memory or > > they can be in main memory > > but encrypted. The thread would also do the disk > > encryption so if designed > > carefully there would never be sufficient > > information in main memory > > to recover any data. > > Sounds like a solution. How hard would that be to > implement in loop-aes (is Jari reading?) I'm reading... but not convinced. Another half-solution: http://www.mail-archive.com/cryptography@xxxxxxxxxxxx/msg08939.html IMO, it is best to not give adversary full access to computer that still has encryption keys in non-tamper-proof DRAM. > 1. Which kernels sanitize pipe buffers in the way Jari > is saying? Mainline kernels don't. Here is a patch for 2.4 branch: --- linux-2.4.36.4/fs/pipe.c 2003-08-25 20:48:23.000000000 +0300 +++ linux-2.4.36.4r1/fs/pipe.c 2008-05-13 21:11:45.000000000 +0300 @@ -304,6 +304,7 @@ if (!PIPE_READERS(*inode) && !PIPE_WRITERS(*inode)) { struct pipe_inode_info *info = inode->i_pipe; inode->i_pipe = NULL; + memset(info->base, 0, PAGE_SIZE); /* for better security */ free_page((unsigned long) info->base); kfree(info); } else { -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
