On Mon, Jun 30, 2008 at 08:54:27AM -0700, Chris wrote:
> Hello,
> My name is Chris Miceli, and I was recently exposed to a video
> describing an attack relying on persistent memory
> (http://news.cnet.com/8301-13578_3-9876060-38.html). I was wondering
> if dm-crypt has any methods to help protect against this attack. My
> friend and I are very curious about security techniques and had some
> input that I was wondering about. Since the encryption key is
> frequently used (every read and write), it should be stored in the CPU
> cache. Would there be a way to not keep the key in memory but only in
> cache, like a TPM?

No. The cache is hidden and cannot be administrated or used for
any specific purpose or instead of main memory.

> Is this medium of storage and less vulnerable to these
> attacks? I realize this sacrifices cache space, but the key is
> probably there anyways. What do you think?

These attacks are showy, but not very relevant. If somebody
steals your PC, they will either keep it running, and hence do
not need this attack, just some other attack against OS and
hardware. Or they will switch the machine off for an extended
period of time.

The only real thing you could do is to use a secure microcontroller
for all the encryption (think motion detector and termite). A TPM
has not enough power to do encryption.

Arno
--
Arno Wagner, Dipl. Inform., CISSP --- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier