Re: the cold-boot attack

Hi,

> As a reaction to this "attack" I wonder if it might be possible to use level 2 cache of the processor to store keys in highly volatile memory space. 2 or more megabytes on the CPU die might be a last resort. As gpg prevents leaking keys from kernel ram to swap partitions, newer disk encryption might prevent keys from being stored in DRAM cells. Of course, elderly processors might not do this stunt due to lack of level 1/2/3 cache but newer architectures offer ever increasing megabytes.
> Is that a worthwhile option?

there is another option that is well doable with today's technology.
On a multi-CPU machine run a dedicated noninterruptible kernel thread on 
one of the cores which keeps essential parts of the key in CPU registers 
at all times.

Using some of the coprocessors would be another interesting idea but much 
less portable.

I am curious what kind of attacks people find against this:)

Richard

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

