by EthanHeilman
4530 days ago
Tresor is really cool but most disk encryption stores the master key in RAM. *

Even assuming that your master encryption key can't be extracted from RAM, coldbooting is still a threat. For instance, they get anything in RAM (files being edited, program state, passwords, emails, web cookies). Maybe you played a RAM-intensive video game that overwrote everything or perhaps you just finished writing a quicken books entry for your counterfeiting operation. Do you feel lucky?

* You can patch your kernel so that DM-crypt uses Tresor, so it is possible. I don't know how it handles the inode keys.
http://www1.informatik.uni-erlangen.de/tresor?q=content/read...