At 10:38 AM 3/21/2008 -0700, Jon Callas wrote:
Despite that my hypotheses are only that, and I have no experimental
data, I think that using a large block cipher mode like EME to induce
a pseudo-random, maximally-fragile bit region is an excellent
mitigation strategy.
Isn't EME patented? - Al
On Mar 19, 2008, at 6:56 PM, Steven M. Bellovin wrote:
I've been thinking about similar issues. It seems to me that just
destroying the key schedule is a big help -- enough bits will change in
the key that data recovery using just the damaged key is hard, per
comments in the paper itself.
On Tue, Mar 18, 2008 at 09:46:45AM -0700, Jon Callas wrote:
> What operates like a block cipher on a large chunk?
> Tweakable modes like EME.
Or as a non-patented alternative one could use the Bear/Lion
constructions [1], which can encrypt arbitrary size blocks at
reasonably good speeds (dependin
--
Such as Cold Boot, etc.
There have been a number of conversations among my colleagues on how
to ameliorate this, particularly with an eye to making suspend mode
safer.
In the Cold Boot paper, the authors suggested XORing a piece of random
memory onto the dangerous bits, so as to fuzz them
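
The "maximally-fragile" property of a large-block cipher discussed in this thread, shown with a BEAR-style three-round construction, as an added example that is not code from any of the posters. HMAC-SHA256 as the keyed hash, SHAKE-256 as the keystream generator, the keys, and the 4 KiB region are all assumptions chosen for illustration.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 digest size = length of the left part

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _h(key: bytes, data: bytes) -> bytes:
    # Keyed hash over the right part (assumption: HMAC-SHA256).
    return hmac.new(key, data, hashlib.sha256).digest()

def _s(seed: bytes, n: int) -> bytes:
    # Keystream seeded by the left part (assumption: SHAKE-256).
    return hashlib.shake_256(seed).digest(n)

def bear_encrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    if len(block) <= HASH_LEN:
        raise ValueError("block must be longer than the hash output")
    left, right = block[:HASH_LEN], block[HASH_LEN:]
    left = _xor(left, _h(k1, right))           # L ^= H_k1(R)
    right = _xor(right, _s(left, len(right)))  # R ^= S(L)
    left = _xor(left, _h(k2, right))           # L ^= H_k2(R)
    return left + right

def bear_decrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    if len(block) <= HASH_LEN:
        raise ValueError("block must be longer than the hash output")
    left, right = block[:HASH_LEN], block[HASH_LEN:]
    left = _xor(left, _h(k2, right))           # undo the rounds in reverse
    right = _xor(right, _s(left, len(right)))
    left = _xor(left, _h(k1, right))
    return left + right

def flip_bit(data: bytes, bit_index: int) -> bytes:
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def bit_error_rate(a: bytes, b: bytes) -> float:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

# Constructed sample values, not taken from the thread.
K1, K2 = b"constructed-key-1", b"constructed-key-2"
REGION = bytes(range(256)) * 16  # 4 KiB standing in for sensitive state

if __name__ == "__main__":
    stored = bear_encrypt(K1, K2, REGION)
    decayed = flip_bit(stored, 12345)  # a single decayed bit in memory
    print(bit_error_rate(REGION, bear_decrypt(K1, K2, decayed)))
```

A single flipped bit anywhere in the stored region leaves roughly half of the recovered bits wrong, so the whole region is lost rather than just the damaged byte.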