[Cryptography] RFC possible changes for Linux random device
Jonathan Thornburg
jthorn at astro.indiana.edu
Thu Sep 18 10:27:16 EDT 2014
On Wed, Sep 17, 2014 at 08:22:10AM -0400, Jerry Leichter wrote:
> if we're going to think big: Encrypted swap space, with *per
> process* encryption keys, would be almost as effective, without the
> potential for such a denial of service attack.
It's perhaps worth noting that OpenBSD has had this (and turned it on
by default) since around 2000. In fact, the OpenBSD implementation uses
per-page encryption keys. See
http://www.openbsd.org/papers/swapencrypt.pdf
http://www.openbsd.org/papers/swapencrypt-slides.pdf
for the paper & slides presented at Usenix Security 2000.
> The per-process
> swap key would go into this kind of "crypto-secure" memory, but
> that would be a strictly limited bit of memory.
I don't think OpenBSD has this. :(
ciao,
--
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"There was of course no way of knowing whether you were being watched
at any given moment. How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork. It was even conceivable
that they watched everybody all the time." -- George Orwell, "1984"
More information about the cryptography
mailing list