http://citp.princeton.edu/memory/ The idea is not new, but still, it's possible to recover encryption keys from RAM chips for many disk encryption systems, including dm-crypt, some time after a power off. The time ranges from a couple of seconds to minutes, and can be further increased by cooling down the RAM chips with off-the-shelf canned air. Wouldn't it be desirable to have dm-crypt scrub the keys in use on reboot and/or panic()? At least as an option. *hint, hint*. -- noah --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
