[tor-talk] [tor-dev] resistance to rubberhose and UDP questions

Maxim Kammerer mk at dee.su
Sat Oct 6 22:37:38 UTC 2012


On Sat, Oct 6, 2012 at 11:44 PM,  <tor at lists.grepular.com> wrote:
> "TRESOR is only compatible with real hardware. Run-
> ning TRESOR as guest inside a virtual machine is gen-
> erally insecure as the guest?s registers are stored in the
> host?s main memory."

This is irrelevant to my example.

> Also, the encryption/decryption is done using a key derived from the
> password which you enter at the very beginning of boot up. Not with
> the password or key you provide to cryptsetup/luks. This wasn't clear
> to me when I wrote the blog post which I linked to. It's all in the PDF.

I see now — so they break the assumption that one needs to provide a
correct password to open a volume in LUKS after it is closed, for
instance.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte


More information about the tor-talk mailing list