Mikko Rauhala wrote:
> As for the currently advertised DRAM data retention, of course there's
> nothing much one can do about that (except to only keep drives mounted
> as necessary). I would like to verify though that unmapping a dm-crypt
> encrypted volume does overwrite the key memory area as is sensible, yes?
>

I've only taken a quick look through the source, and it is certainly imperfect since I am no kernel hacker, though this is what I find:

The dm-crypt.c code has a provision for clearing the keys, in crypt_wipe_key(), but it's not clear that this code ever gets called. Perhaps I just haven't found where the call comes from yet.

Also, each algorithm seems to keep its own copy of the key in each context, and none that I looked at seemed to have any way to clear those copies of the keys/contexts. Perhaps they are cleared elsewhere?

What is clear to me is that someone who knows more about this subsystem than I do needs to look it over and say, yes all the keys are cleared, or no they are not and here's a patch.

-- 
Homeland Stupidity <http://www.homelandstupidity.us/>

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
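
The concern in the message above, that a key held in more than one place must be cleared in every place on teardown, illustrated with an added user-space C example. It is not part of the original post and is not dm-crypt or kernel code; the structures, function names and sample key are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define KEY_LEN 32

/* Hypothetical user-space stand-ins; these are not the kernel's structures. */
struct cipher_ctx { unsigned char key[KEY_LEN]; };  /* cipher's private copy */
struct volume { unsigned char key[KEY_LEN]; struct cipher_ctx *ctx; };
/* Static storage so memory can still be inspected after teardown. */
static struct { struct volume vol; struct cipher_ctx ctx; } arena;
/* Constructed sample key, not real key material. */
static void sample_key(unsigned char *key) {
    for (int i = 0; i < KEY_LEN; i++) key[i] = (unsigned char)(0xA0 + i);
}
/* Stores through a volatile pointer so the compiler cannot drop the wipe. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Mapping: the volume stores the key and the cipher context copies it. */
static void volume_map(const unsigned char *key) {
    memcpy(arena.vol.key, key, KEY_LEN);
    arena.vol.ctx = &arena.ctx;
    memcpy(arena.vol.ctx->key, key, KEY_LEN);
}
/* Incomplete teardown: clears only the volume's own copy. */
static void unmap_volume_key_only(void) { secure_wipe(arena.vol.key, KEY_LEN); }
/* Complete teardown: clears the cipher context's copy, then the volume's. */
static void unmap_all_copies(void) {
    secure_wipe(arena.vol.ctx->key, KEY_LEN);
    secure_wipe(arena.vol.key, KEY_LEN);
}
/* Counts copies of the key still present anywhere in the arena. */
static int count_key_copies(const unsigned char *key) {
    const unsigned char *m = (const unsigned char *)&arena;
    int hits = 0;
    for (size_t i = 0; i + KEY_LEN <= sizeof arena; i++)
        if (memcmp(m + i, key, KEY_LEN) == 0) hits++;
    return hits;
}

int main(void) {
    unsigned char key[KEY_LEN];
    sample_key(key); volume_map(key); unmap_volume_key_only();
    printf("volume key wiped only: %d left\n", count_key_copies(key));
    unmap_all_copies();
    printf("all copies wiped: %d left\n", count_key_copies(key));
    return 0;
}
```

Scanning the storage after teardown, as `count_key_copies` does here, is the kind of check that distinguishes a wipe of one copy from a wipe of all of them.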