I realize these attacks are showy; I was just being overprotective. As
an exercise, would it be possible to just use a register? I guess the
register will get swapped out to memory anyways... Are there no CPU
registers available to the kernel that don't get swapped? Oh well. I
was not really worried about an attack, but just curious. Thanks for the
input.
-Chris Miceli
Arno Wagner wrote:
> On Mon, Jun 30, 2008 at 08:54:27AM -0700, Chris wrote:
>> Hello,
>> My name is Chris Miceli, and I was recently exposed to a video
>> describing an attack relying on persistent memory
>> (http://news.cnet.com/8301-13578_3-9876060-38.html). I was wondering
>> if dm-crypt has any methods to help protect against this attack. My
>> friend and I are very curious about security techniques and had some
>> input that I was wondering about. Since the encryption key is
>> frequently used (every read and write), it should be stored in the CPU
>> cache. Would there be a way to not keep the key in memory but only in
>> cache, like a TPM?
>
> No. The cache is hidden and cannot be administrated or used
> for any specific purpose or instead of main memory.
>
>> Is this medium of storage any less vulnerable to these
>> attacks? I realize this sacrifices cache space, but the key is
>> probably there anyways. What do you think?
>
> These attacks are showy, but not very relevant. If somebody steals
> your PC, they will either keep it running, and hence do not need this
> attack, just some other attack against OS and hardware. Or they will
> switch the machine off for an extended period of time. The only real
> thing you could do is to use a secure microcontroller for all the
> encryption (think motion detector and thermite). A TPM has not enough
> power to do encryption.
>
> Arno
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/