| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Apr 2015 09:00:46 -0400 From: Mike Snitzer <snitzer@...hat.com> To: Pali Rohár <pali.rohar@...il.com> Cc: Alasdair Kergon <agk@...hat.com>, Neil Brown <neilb@...e.de>, "Rafael J. Wysocki" <rjw@...ysocki.net>, Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, dm-devel@...hat.com, linux-raid@...r.kernel.org, linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org Subject: Re: [PATCH 0/3] dm-crypt: Adds support for wiping key when doing suspend/hibernation On Sun, Apr 05 2015 at 1:20pm -0400, Pali Rohár <pali.rohar@...il.com> wrote: > This patch series increase security of suspend and hibernate actions. It allows > user to safely wipe crypto keys before suspend and hibernate actions starts > without race conditions on userspace process with heavy I/O. > > To automatically wipe cryto key for <device> before hibernate action call: > $ dmsetup message <device> 0 key wipe_on_hibernation 1 > > To automatically wipe cryto key for <device> before suspend action call: > $ dmsetup message <device> 0 key wipe_on_suspend 1 > > (Value 0 after wipe_* string reverts original behaviour - to not wipe key) Can you elaborate on the attack vector your changes are meant to protect against? The user already authorized access, why is it inherently dangerous to _not_ wipe the associated key across these events? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists