From: Milan Broz
Date: Thu, 19 May 2011 09:05:10 +0200
Subject: Re: [dm-crypt] DM-Crypt resistance against Cold Boot Attacks
To: dm-crypt@saout.de
Message-ID: <4DD4C126.3030709@redhat.com>
In-Reply-To: <1305755598.15947.2.camel@hidalgo>
References: <20110518152417.15529442@Haruhi.lan.labor-bochum.net> <1305755598.15947.2.camel@hidalgo>

On 05/18/2011 11:53 PM, Yves-Alexis Perez wrote:
> If you read the paper, you'll notice there's nothing to change to
> dm-crypt, as the cypher is registered in the Crypto-API, it can be used
> directly.

TBH dmcrypt keeps its own copy of the key (because the key is still part of the device-mapper mapping table, so it must be available for status commands).

So there are some changes needed, but basically technically unrelated to that patch. (This will hopefully change with the new mapping table format soon.)

Anyway, it must be accepted into the kernel crypto layer first.

IMHO I think that without strong hw support these implementations will have some problems, but it is good that someone works on such things. (E.g. how does it work if it is not bare hw but a virtualized system?)

Milan
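Added example, not part of the original message and not dm-crypt or dmsetup code: a small audit of `dmsetup table` output that shows the key is a field of the crypt mapping table line and reports how each device carries it. The device names, numbers and key bytes are constructed; the keyring reference form goes beyond what the message discusses and comes from the kernel's dm-crypt table documentation.

```python
import re

# dm-crypt table line as printed by `dmsetup table`:
#   [name:] <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset> [opts]
def parse_crypt_line(line):
    parts = line.split()
    name = None
    if parts and parts[0].endswith(":"):   # name prefix, present when several devices are listed
        name, parts = parts[0][:-1], parts[1:]
    if len(parts) < 8 or parts[2] != "crypt":
        return None                        # other targets (linear, striped, ...) carry no key
    return {"name": name, "cipher": parts[3], "key": parts[4], "device": parts[6]}

def classify_key(key):
    """Return (kind, key_bytes) for the <key> field of a crypt table line."""
    if key == "-":
        return ("no key", 0)
    if key.startswith(":"):
        # :<size>:<type>:<description> refers to a kernel keyring entry instead of raw hex.
        return ("keyring reference", int(key.split(":", 3)[1]))
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", key):
        if set(key) == {"0"}:
            # dmsetup prints zeros in place of the key unless --showkeys is given.
            return ("masked", len(key) // 2)
        return ("raw key in table", len(key) // 2)
    return ("unrecognised", 0)

def audit(table_text):
    """Return (name, cipher, key kind, key bytes) for every crypt target found."""
    report = []
    for line in table_text.splitlines():
        entry = parse_crypt_line(line)
        if entry:
            report.append((entry["name"], entry["cipher"], *classify_key(entry["key"])))
    return report

# Constructed sample input: the key is just the byte sequence 00..1f, not real key material.
CONSTRUCTED_KEY = "".join(f"{i:02x}" for i in range(32))
SAMPLE = "\n".join([
    f"cryptroot: 0 4194304 crypt aes-xts-plain64 {CONSTRUCTED_KEY} 0 8:3 4096",
    f"cryptswap: 0 1048576 crypt aes-cbc-essiv:sha256 {'0' * 64} 0 8:5 0",
    "cryptdata: 0 8388608 crypt aes-xts-plain64 :32:logon:example-key 0 8:6 4096",
    "vg-home: 0 2097152 linear 8:2 2048",
])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```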