Cold Reboot Attacks on Disk Encryption
Posted Feb 21, 2008 18:44 UTC (Thu) by freemars (subscriber, #4235)
Parent article: Cold Reboot Attacks on Disk Encryption
A possible workaround -- an expensive one -- could be to store part of the key in a CPU register (perhaps one of those 128-bit SSE registers). Not only would this require the kernel to be completely rewritten to leave that register alone, it would probably slow the operating system by something like 1/(#_of_registers_in_this_CPU). Having to guess the final 128 bits of the key would at least annoy brute-force attackers.
Cold Reboot Attacks on Disk Encryption
Posted Feb 21, 2008 19:21 UTC (Thu) by ncm (subscriber, #165)
Or, alternatively, in some other device: perhaps the graphics chip. On any given system there's some bit of complicated hardware that is not used. On many systems the 3D features are never used (e.g. Nvidia chip w/ nv driver). Others have firewire, or an MMC slot. For security, it could be an advantage that the key is stored at different addresses on different machines, particularly if random values are stored in the others, and the actual location used on any given boot is chosen from among them at random.
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds