Tresor is really cool, but most disk encryption stores the master key in RAM. *
Even assuming that your master encryption key can't be extracted from RAM, cold booting is still a threat.
For instance, they get anything in RAM (files being edited, program state, passwords, emails, web cookies).
Maybe you played a RAM-intensive video game that overwrote everything, or perhaps you just finished writing a Quicken books entry for your counterfeiting operation. Do you feel lucky?
* You can patch your kernel so that DM-crypt uses Tresor, so it is possible. I don't know how it handles the inode keys. http://www1.informatik.uni-erlangen.de/tresor?q=content/read...