On Wed, Oct 29, 2014 at 11:33:24 CET, Ralf Ramsauer wrote: > On 29.10.2014 11:24, Cpp wrote: > > The thing is I planned to use a microcontroller to store an encryption > > key in its RAM, and I see the device uses SRAM, so this might be a > > problem? > > http://www.atmel.com/Images/Atmel-8271-8-bit-AVR-Microcontroller-ATmega48A-48PA-88A-88PA-168A-168PA-328-328P_datasheet_Summary.pdf > > Yes, comments :-) > > First of all: are you going to store the Masterkey or the Passphrase / > Keyfile which is used for key derivation? > If you're going to store the master key, you don't need Luks at all, > this would also be a solution for your detached-header problem. > > But.... > > How do you want to realize the communication between the µC and you > Linux Box? Over Uart? (Uart communication can _easily_ be sniffed, so be > aware of that....) If an attacker has access on that level, they can probaly just do a memory-freeze attack or a fire-wire attack. Remember that disk encryption does not protect data while the system is running and has the data decrypted. > Also don't forget to deactivate the JTAG interface. Otherwise the µC > could get debugged... And don't forget to set the correct FUSE bits > (disallow reading / writing from / to flash / EPROM memory, ....) > And did you know, that CPU operations can be reconstructed by small > fluctuations in current[1]? How do you want to solve this issue? > > How does the key get to the µC? > > Aah, almost forgot to mention: you talked about to use a RNG on your AVR > to move the key around. RNG on AVR? From where do you get your entropy? > I don't know much about this project, but maybe this helps you [2]. > > There are *so* many traps... Do you really think this is a good idea? I think this is mostly intended as a project to learn. As such it should do well. But do not expet this to be secure against a competent attacker. Arno > [1] http://en.wikipedia.org/wiki/Power_analysis > [2] http://www.das-labor.org/wiki/AVR-Crypto-Lib // > http://www.das-labor.org/wiki/AVR-Crypto-Lib#PRNGs > > Regards > Ralf > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
