[Cryptography] RFC possible changes for Linux random device

Viktor Dukhovni cryptography at dukhovni.org
Wed Sep 17 18:16:55 EDT 2014


On Wed, Sep 17, 2014 at 08:22:10AM -0400, Jerry Leichter wrote:

> We're talking much bigger changes here, but if we're going to think big:
> Encrypted swap space, with *per process* encryption keys, would be almost
> as effective, without the potential for such a denial of service attack.
> The per-process swap key would go into this kind of "crypto-secure" memory,
> but that would be a strictly limited bit of memory.

Why should the key be per-process, and not system-wide?  Instead
each process could simply have a non-secret key identifier, allowing
periodic key rotation.  At which point, is this really much better
than existing encrypted swap devices?

-- 
	Viktor.

