| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 5 May 2007 11:16:43 +0200 From: Pavel Machek <pavel@....cz> To: Indan Zupancic <indan@....nu> Cc: Oliver Neukum <oliver@...kum.org>, Pekka Enberg <penberg@...helsinki.fi>, Nigel Cunningham <nigel@...el.suspend2.net>, Linus Torvalds <torvalds@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: Back to the future. Hi! > But the same functionality can be achieved by doing: > > 1) Define a user password (e.g. /etc/shadow thing). (Once) > > 2) When a user logs in: get random data and encrypt it with the password, > this becomes the AES key. Store both the data and key in a secure way in > memory, e.g. using the existing kernel key infrastructure. > Advantage of this scheme is that it only need AES and can be done (mostly) > in kernel space. It's also faster and simpler than the current RSA scheme. > Disadvantage is that it wastes at least 32 bytes of memory when the system > is running, to store the data and key. Another disadvantage is that you need to hack into PAM infrastructure, that your suspend password needs to be same as someone's login password, and that it will really only work with single-user machine. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists