On Wednesday, August 31, 2016 at 8:25:33 PM UTC+4, pixel fairy wrote: > poured some epoxy over where the ram connects to the motherboard
modern RAM keeps data after hours after disconnecting in from MB. (wont search that paper now, plz search on your own). there are also physical traces of RAM state on RAM device. thats why some folks are moving keys in RAM(xoring it actually) every 10 seconds or so, in their opensource encryption software. there is papper on in too, with photo of such physical micro traces. paper also explains why RAM manufacturers are trying to keep volts as low as possible. imo encrypted RAM is more safe. but where to store keys? CPU cache, VRAM? or separate PCI device? unsure about speed of PCI vs RAM though. but safe storing keys in HW of major, massive vendors is a wrong idea because of obligatory unofficial backdooring. maybe it is possible to only encrypt part of RAM with PCI located key(original PCI storage device). example: main system is in RAM, VM's RAM is encrypted (using driver) and the key is on PCI storage device. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/512950a4-6d96-4698-833d-ccf20ba33f9d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
