[tor-talk] [tor-dev] resistance to rubberhose and UDP questions

Maxim Kammerer mk at dee.su
Sat Oct 6 21:28:21 UTC 2012


On Sat, Oct 6, 2012 at 9:37 PM,  <tor at lists.grepular.com> wrote:
> The basic idea being that your keys are shifted from RAM into the
> debug registers of the CPU on boot, then all future crypto is done
> directly on the CPU (AES-NI) without the keys re-entering RAM.

Did you check that the volume key (shown with cryptsetup luksDump
--dump-master-key) is not stored in RAM by cryptsetup or by the kernel
anyway? I just tested with aes-xts-plain64, and the key appears in
QEMU's memory dump in 3 locations after the encrypted volume is
mounted.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
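
The check described in the message above, as an added example that is not part of the original post or of cryptsetup: it parses the master key from `cryptsetup luksDump --dump-master-key` output and reports every offset at which the key occurs in a memory dump. It goes slightly beyond the message by also searching for each half of the key, since XTS splits the volume key into two AES keys that may be stored separately. Assumptions: the LUKS1-style "MK dump:" layout, hypothetical function names, and constructed sample data in place of a real header and dump.

```python
import io

# Constructed sample of luksDump --dump-master-key output ("MK dump:" layout assumed).
SAMPLE_LUKSDUMP = (
    "Cipher name:    aes\n"
    "Cipher mode:    xts-plain64\n"
    "MK bits:        512\n"
    "MK dump:\t00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n"
    "\t\t10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f\n"
    "\t\t20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f\n"
    "\t\t30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f\n"
    "\n"
)

def parse_mk_dump(text):
    """Collect the hex bytes after 'MK dump:' plus its indented continuation lines."""
    key, in_dump = bytearray(), False
    for line in text.splitlines():
        if line.startswith("MK dump:"):
            in_dump, line = True, line[len("MK dump:"):]
        elif in_dump and not line[:1].isspace():
            break  # first non-indented line ends the dump
        if in_dump:
            key += bytes.fromhex("".join(line.split()))
    return bytes(key)

def find_all(stream, needle, chunk_size=1 << 20):
    """Return absolute offsets of needle, reading in chunks so large dumps fit in memory."""
    if not needle:
        raise ValueError("empty search pattern")
    offsets, tail, base = [], b"", 0  # base = absolute offset of buf[0]
    keep = len(needle) - 1            # overlap that catches matches split across chunks
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        i = buf.find(needle)
        while i != -1:
            offsets.append(base + i)
            i = buf.find(needle, i + 1)
        tail = buf[-keep:] if keep else b""
        base += len(buf) - len(tail)
    return offsets

def scan_dump(stream, master_key, chunk_size=1 << 20):
    """Search a seekable dump for the full key and for each XTS half."""
    half = len(master_key) // 2
    needles = {"full": master_key, "first_half": master_key[:half],
               "second_half": master_key[half:]}
    return {name: (stream.seek(0), find_all(stream, n, chunk_size))[1]
            for name, n in needles.items()}

def build_sample_dump(key):
    """Constructed stand-in for a memory dump: full key at 100, second half alone at 500."""
    return io.BytesIO(b"\xff" * 100 + key + b"\xff" * 336 + key[32:] + b"\xff" * 50)
```

An empty result for all three patterns is the outcome the register-only key scheme would need; any offset means key material is still resident in RAM.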

