[nycbug-talk] avoiding coldboot key stealing
Sujit K M
sjt.kar at gmail.com
Sun Sep 29 06:40:55 EDT 2013
On Sat, Sep 28, 2013 at 5:00 AM, Brian Coca <briancoca+nycbug at gmail.com> wrote:
> Via hacker news I saw this http://www1.informatik.uni-erlangen.de/tresor, it
> claims to avoid storing AES decrypted keys in ram by using the CPU's debug
> registers, also it seems Linux only for now.
The patch is Linux kernel based. Could be happening in any OS.
> Anything similar out there for use with ssh/ssl and (I know, too much to
> ask) cipher agnostic? My search-foo returns mostly nil.
These are network protocols. I don't think you need to have register-based
encryption. If you consider it with HTTPS/FTPS etc., it would take up too much
processor time to put this on the register.
> I'll almost consider using a laptop (other than my phone) if there is.
Even laptops would have the same issues.