From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-la0-x22b.google.com (mail-la0-x22b.google.com
 [IPv6:2a00:1450:4010:c03::22b])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 29 Oct 2014 17:50:25 +0100 (CET)
Received: by mail-la0-f43.google.com with SMTP id ge10so2929308lab.30
 for <dm-crypt@saout.de>; Wed, 29 Oct 2014 09:50:24 -0700 (PDT)
Received: from [192.168.2.27] (56.157.broadband5.iol.cz. [88.100.157.56])
 by mx.google.com with ESMTPSA id oh4sm2140827lbc.19.2014.10.29.09.50.22
 for <dm-crypt@saout.de>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 29 Oct 2014 09:50:22 -0700 (PDT)
Message-ID: <54511ACC.7080708@gmail.com>
Date: Wed, 29 Oct 2014 17:50:20 +0100
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <CAHeB2Anm7U-Jktch6npvgCzYpvYUhKVyRxR0P5g=UK6co=91DA@mail.gmail.com>
 <20141028111351.GA23722@tansi.org>
 <CAHeB2AnHCSR3NCO0gRqRHOLHjOP6Gnne6eBmdU5rg9A2-_a4dA@mail.gmail.com>
 <5450C274.6020909@ramses-pyramidenbau.de> <20141029145900.GC11970@tansi.org>
 <54510BC2.6010501@binarysignals.net> <20141029162128.GD11970@tansi.org>
In-Reply-To: <20141029162128.GD11970@tansi.org>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Quick dm-crypt questions
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 10/29/2014 05:21 PM, Arno Wagner wrote:
> FAQ Item 6.10 should also apply to AES-NI, AFAIK. 
> I do not have an AES-NI capable system though to
> thest that.

I think AES-NI can help with some (cache) timing attack but
not with Cold boot.

> I think this whole idea of storing keys in cache
> was some demo at some conference, but is not fit for
> practical deployment, as CPUs are too differtent.

If you mean idea of frozen-cache, it's impact to performance is huge.

There is also TRESOR and loop-amnesia which tries
fix the cold boot problem.

(Just Google for frozen cache, tresor+aes or loop-amnesia for more info.)

But all is x86_64 only and there is a lot of problems
(the first one is that it is not in upstream kernel:-)

(And dmcrypt has still one copy of key in its structs,
so deploying such solution requires some changes here as well,
not trivial because of device-mapper table logic.)

Milan