At 01:51 AM 7/15/03 +0300, Sampo Syreeni wrote:
On 2003-07-14, Michael Shields uttered to Bill Frantz:
Encrypted swap is a crypto sweet spot, because it has perhaps the easiest key management of any crypto system. It seems that the BSD systems have it while Linux still thinks it is difficult.
At this stage I think a small question is in order. Is there any Big Red Button software out there to complement this level of paranoia?
What I mean is, after you've got everything in your system under industrial strength crypto, you have exactly one weak spot, that being a whole lot of people charging through your door when your system is already running hot and accessible. At that point the only thing that can save you is a one-touch mechanism to effect a swift (i.e. at most two or three seconds), dirty, no-matter-what shutdown, with guaranteed loss of key material.
Is there open source software out there to effect that sort of thing?
Its called the power button. Which is why MRAM is a different security risk. One could design software such that only the least required is decrypted at any one time, which would minimize the risk from persistant memory after you offed the power. There would probably be a serious performance hit in such software, but tradeoffs are what the game is about.
participants (1)
-
Major Variola (ret)