Re: Encrypted Swap

Helge Hafting (helgehaf@idb.hist.no)
Tue, 07 Aug 2001 11:23:04 +0200


Crutcher Dunnavant wrote:
>
> ++ 07/08/01 09:49 +0200 - Helge Hafting:
> > Steve VanDevender wrote:
> > I can remove RAM live, and read it in another device. Or replace
>
> Eek. I dont think I'm gonna sleep well on this one.
> Umm, tamper-crash cases that kill the power?

It's all about how well you protect the machine
versus how easy I can get around it. Yanking a RAM chip
and inserting it in another pc running dos isn't hard,
with physical access.

Killing the power isn't enough,
I have a few seconds to get the chip and can smash the
case open with force. You need a self-destruct
device in a safe, or guards.

A relatively cheap way might be a custom pci
card with a self-destruct RAM bank for
storing the decryption keys. Opening the
safe cause the card to zero the RAM.

The key(s) exists only in this special
RAM, and processor registers during
decryption.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/