From: Milan Broz
Date: Thu, 13 Jan 2011 22:31:01 +0100
Message-ID: <4D2F6F15.6000209@redhat.com>
In-Reply-To: <375AD447-08EA-41C6-8366-C62CAE8CE5DF@nytimes.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] keys in memory?

On 01/13/2011 10:03 PM, Kachler, Arie wrote:
> When a system has been configured and it's using encrypted LUKS
> partition(s), are the keys visible in memory?

for active devices yes. if you run encryption on the main CPU
(and not in some special hw), the key must be visible in memory.

> The question is relevant when deploying these types of partitions to
> a cloud provider, where the provider's hypervisor has access to all
> vms' memory.

if you have access to hypervisor, you have access to the full memory,
you have access to everything.

Milan
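
An added example, not part of the original message: a small inventory helper that reads `dmsetup table` output and reports, for each active dm-crypt mapping, the cipher, the key size and where the kernel holds the key. The function names and the sample lines are constructed for illustration; the kernel-keyring form goes beyond what the message covers and applies to newer kernels, where the key is still in kernel memory.

```shell
#!/bin/sh
# crypt target line as printed by `dmsetup table`:
#   <name>: <start> <len> crypt <cipher> <key> <iv_offset> <device> <offset>
# Without --showkeys the key field is masked with zeros of the same length,
# so its length still tells the key size without exposing the key.

# resident_keys (hypothetical name): prints "<name> <cipher> <bits> <location>"
# for every active crypt mapping found on stdin.
resident_keys() {
    awk '$4 == "crypt" {
        name = $1; sub(/:$/, "", name)
        key = $6
        if (key ~ /^:/) {
            # keyring reference, :<bytes>:<type>:<description>
            split(key, part, ":")
            bits = part[2] * 8; where = "kernel-keyring"
        } else if (key == "-") {
            # no key set for this mapping
            bits = 0; where = "none"
        } else {
            # hex string, 4 bits per digit, held in the dm-crypt table
            bits = length(key) * 4; where = "dm-crypt-table"
        }
        printf "%s %s %d %s\n", name, $5, bits, where
    }'
}

# Constructed sample of `dmsetup table` output (not from a real host).
sample_table() {
    masked=$(printf '%064d' 0)   # 64 hex digits, a masked 256-bit key
    printf 'cryptroot: 0 41938944 crypt aes-xts-plain64 %s 0 8:2 4096\n' "$masked"
    printf 'vg0-swap: 0 8388608 linear 8:3 2048\n'
    printf 'backup: 0 1048576 crypt aes-xts-plain64 %s 0 8:17 32768\n' \
        ':64:logon:cryptsetup:00000000-0000-0000-0000-000000000000-d0'
}

sample_table | resident_keys
```

On a live host, run `dmsetup table | resident_keys` as root; every mapping it lists has its key resident in memory for as long as the device stays active.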