Hi. I've read Gutmann's papers about how data held persistently in DRAM can cause physical "burn-in" that makes master encryption key recovery trivial. His suggestion was to makes sure it is re-written/moved around every few minutes. [1] loop-aes had such a mitigation implemented, though it unfortunately aids cold boot attack key recovery.[2] Does dm-crypt have mitigations for this in place? [1] https://www.cs.jhu.edu/~astubble/600.412/s-c-papers/remanence.pdf [2] https://www.lorentzcenter.nl/lc/web/2010/383/presentations/Heninger.pdf _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
