FAQ Item 6.10 should also apply to AES-NI, AFAIK. I do not have an AES-NI capable system though to thest that. I think this whole idea of storing keys in cache was some demo at some conference, but is not fit for practical deployment, as CPUs are too differtent. Arno On Wed, Oct 29, 2014 at 16:46:10 CET, Ingo Schmitt wrote: > > On 10/29/14 15:59, * wrote: > > If an attacker has access on that level, they can probaly just do > > a memory-freeze attack or a fire-wire attack. Remember that > > disk encryption does not protect data while the system is running > > and has the data decrypted. > > I thought, AES NI makes cold boot attacks almost impossible because > the master key will be hold in CPU's cache and not in system RAM. > > Since I read that mail thread, I'm not sure about that anymore. > > Pls enlighten me ;) > > -- > -- \__________________________________________________ > ingo.schmitt@xxxxxxxxxxxxxxxxx - GnuPG ID: 0xAFD687D2 | > FP: 7418 77A6 4B59 AF90 4A11 1CCE 91C9 FF1B AFD6 87D2 | > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
