[nycbug-talk] avoiding coldboot key stealing

Sujit K M sjt.kar at gmail.com
Sun Sep 29 06:40:55 EDT 2013


On Sat, Sep 28, 2013 at 5:00 AM, Brian Coca <briancoca+nycbug at gmail.com> wrote:
> Via hacker news I saw this http://www1.informatik.uni-erlangen.de/tresor, it
> claims to avoid storing AES decrypted keys in ram by using the CPU's debug
> registers, also it seems Linux only for now.

The patch is Linux kernel based. Could be happening in any OS.

> Anything similar out there for use with ssh/ssl and (I know, too much to
> ask) cipher agnostic? My search-foo returns mostly nil.

These are network protocols. I don't think you need to have register-based
encryption. If you consider it with HTTPS/FTPS etc., it would take up too much
processor time to put this on the register.

> I'll almost consider using a laptop (other than my phone) if there is.

Even laptops would have the same issues.


