Re: [tor-talk] [tor-dev] resistance to rubberhose and UDP questions



On Sat, Oct 6, 2012 at 9:37 PM,  <tor@xxxxxxxxxxxxxxxxxx> wrote:
> The basic idea being that your keys are shifted from RAM into the
> debug registers of the CPU on boot, then all future crypto is done
> directly on the CPU (AES-NI) without the keys re-entering RAM.

Did you check that the volume key (shown with cryptsetup luksDump
--dump-master-key) is not stored in RAM by cryptsetup or by the kernel
anyway? I just tested with aes-xts-plain64, and the key appears in
QEMU's memory dump in 3 locations after the encrypted volume is
mounted.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
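
The check described in the reply above, sketched as an added example (not code from the original message or from any project it mentions): search a raw memory dump for the known volume key and report every offset where it appears. The function names, chunk size and sample bytes are assumptions made for illustration. Searching for the two key halves as well goes beyond the test in the message; it is included because an XTS key is two AES keys concatenated and the halves may be held separately.

```python
import io


def scan_dump(stream, key_hex, chunk_size=1 << 20):
    """Return {pattern name: sorted offsets} for the key and its two halves.

    `stream` is a binary file object over the memory dump; `key_hex` is the
    volume key as hex (whitespace between bytes is ignored).
    """
    key = bytes.fromhex(key_hex)
    if len(key) < 2:
        raise ValueError("key too short to search for")
    half = len(key) // 2
    patterns = {"full": key, "half1": key[:half], "half2": key[half:]}
    hits = {name: set() for name in patterns}
    keep = len(key) - 1          # overlap so boundary-straddling matches are seen
    tail, base = b"", 0          # base = dump offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for name, pat in patterns.items():
            pos = buf.find(pat)
            while pos != -1:
                hits[name].add(base + pos)   # set: overlap may re-find a half
                pos = buf.find(pat, pos + 1)
        tail = buf[-keep:]
        base += len(buf) - len(tail)
    return {name: sorted(offs) for name, offs in hits.items()}


def demo():
    """Run the scan over a constructed dump (sample data, not a real key)."""
    key = bytes(range(64))                   # constructed 512-bit XTS key
    dump = (b"\x00" * 1000 + key             # full key at offset 1000
            + b"\xff" * 500 + key[:32]       # first half alone at offset 1564
            + b"\x00" * 100)
    # A tiny chunk size forces matches to straddle chunk boundaries.
    return scan_dump(io.BytesIO(dump), key.hex(), chunk_size=64)


if __name__ == "__main__":
    for name, offsets in demo().items():
        print(name, [hex(o) for o in offsets])
```

A scheme that keeps the key in CPU registers passes this check only if all three lists are empty for a dump taken while the volume is mounted.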