[tor-talk] [tor-dev] resistance to rubberhose and UDP questions

tor at lists.grepular.com tor at lists.grepular.com
Sat Oct 6 22:46:24 UTC 2012



On 06/10/12 23:37, Maxim Kammerer wrote:

>> "TRESOR is only compatible with real hardware. Running TRESOR
>> as guest inside a virtual machine is generally insecure as the
>> guest's registers are stored in the host's main memory."
> 
> This is irrelevant to my example.

Yes. I replied too quickly to your email and realised my mistake
shortly afterwards. Hence the second email.

>> Also, the encryption/decryption is done using a key derived from
>> the password which you enter at the very beginning of boot up.
>> Not with the password or key you provide to cryptsetup/luks. This
>> wasn't clear to me when I wrote the blog post which I linked to.
>> It's all in the PDF.
> 
> I see now - so they break the assumption that one needs to provide
> a correct password to open a volume in LUKS after it is closed,
> for instance.

Yes. They do that. As is documented. I guess this is one of the
reasons why it's not in the mainline kernel.

- -- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4

