[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: Learning from dpr mistakes

To: [email protected]
Subject: Fwd: Learning from dpr mistakes
From: [email protected] (Travis Biehn)
Date: Wed, 11 Feb 2015 15:53:10 -0500
Cc: "[email protected]" <[email protected]>
In-reply-to: <[email protected]>
References: <CAEm6KbL-MYf=ycAJGaXF5dHQ9_tfV2bkU1eLw8JHF=CQVaDAtg@mail.gmail.com> <[email protected]> <1680857.CAZYUBBF9N@lapuntu> <20150211001214.NWJH32693.eastrmfepo103.cox.net@eastrmimpo210> <CAKtE3zfEJUOVos65OfhuyeqbB+woRvbfHqRBRsfi+rYK3x2omw@mail.gmail.com> <CAD2Ti29+bF-bhKTk417cJa8HBiseSMTjvfN59-GaNZ9VoDiLuA@mail.gmail.com> <CAKtE3zcHbc6FOSOZjht6kCm1GdG71JrcU5UegD8zwg_K7TJusA@mail.gmail.com> <CAKtE3ze+YPuE-crQR6gRp4CiwjBcN8ytLMY4jnc3c9Gsv0XcOg@mail.gmail.com> <[email protected]>

You are protecting against hardware attackers with TRESOR.

So... it only makes sense at the bare-metal / Hypervisor level.

-Travis

On Wed, Feb 11, 2015 at 3:33 PM, Alfie John <[email protected]> wrote:

> On Thu, Feb 12, 2015, at 03:17 AM, Travis Biehn wrote:
> > + cypherpunks
> >
> > http://en.wikipedia.org/wiki/TRESOR - Keys are stored in debug or SSE
> > registers and never leave the CPU. Use of AES-NI gives you solid
> > performance. [side-channel DPA/timing etc vulnerable, though :(]
> >
> > That + trusted boot + dm-verity & FDE. Delicious. [Add Xen bare-metal
> > & qubes-esque setup.]
> >
> > I've never seen TRESOR work, that might be a fun side-project for
> > someone.
>
> Wouldn't running TRESOR under Xen be useless as Xen would need to
> save/restore SSE registers when switching between VMs (and putting them
> in memory)?
>
> Alfie
>
> --
>   Alfie John
>   [email protected]
>



-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20150211/cfc1d7e6/attachment.html>

References:
- OnionShare - what do you think about this piece of software?
  - From: [email protected] ( Александр )
- OnionShare - what do you think about this piece of software?
  - From: [email protected] (Hannes Mehnert)
- OnionShare - what do you think about this piece of software?
  - From: [email protected] (rysiek)
- Learning from dpr mistakes
  - From: [email protected] (David Honig)
- Learning from dpr mistakes
  - From: [email protected] (Travis Biehn)
- Learning from dpr mistakes
  - From: [email protected] (grarpamp)
- Fwd: Learning from dpr mistakes
  - From: [email protected] (Travis Biehn)
- Fwd: Learning from dpr mistakes
  - From: [email protected] (Alfie John)

Prev by Date: Fwd: Learning from dpr mistakes
Next by Date: [tor-talk] REAL-ID Internet Access Coming Soon
Previous by thread: Fwd: Learning from dpr mistakes
Next by thread: OnionShare - what do you think about this piece of software?
Index(es):
- Date
- Thread