[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] [tor-dev] resistance to rubberhose and UDP questions
tor@xxxxxxxxxxxxxxxxxx:
> On 06/10/12 19:24, grarpamp wrote:
>
>>> *Anyone* with *any* access to the data centers that host the
>>> directory authorities is potentially subject to either a coercive
>>> or subversive
>>>
>>> As you know, I've been digging down the rabbit hole of how to
>>> ensure the integrity of a remote machine, and it seems impossible
>>> to do this without both secure boot *and* a way to verify the
>>> current runtime integrity.
>
>> You can cold boot for OS fs crypto keys
>
> FYI, if you use TRESOR/Trevisor, you can protect your OS encryption
> keys from cold boot attacks:
>
> http://www1.informatik.uni-erlangen.de/tresor
>
> The basic idea being that your keys are shifted from RAM into the
> debug registers of the CPU on boot, then all future crypto is done
> directly on the CPU (AES-NI) without the keys re-entering RAM.
>
> Of course, you will probably still have other sensitive data in RAM.
>
> (I use this patch on my Ubuntu laptop)
I like the basic idea very much.
Does this patch still work against latest kernel of your distro?
Does this force you to compile your own kernel each time your distro
released a kernel upgrade?
Do you know if they tried upstreaming their work to the kernel?
Cheers,
adrelanos
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk