* Peter_22@xxxxxx wrote: > [his ideas] ;-) Well, here's how I adapted my setup: Booting is solely allowed from HDD. Any keys reside on an external medium. And I set up the maximum amount of loop devices - the ones I need and the rest with random keys, some using AES, some Serpent, some twofish, 128bit, some ... you get the idea. Also, in the near future I will switch from AES to Serpent. Its considered to be stronger than AES. Also its key schedule is more complex and thus reconstructing a key from it is more work for the attacker. It does NOT help much against the cold-boot attack, it merely slows the attacker down. All you can really do, IMHO, at the moment - let's not jump at shadows. And BTW, yeah, I also like to see that piece of code the authors of the paper used to reconstruct a working key from a key schedule. -- left blank, right bald
Attachment:
pgp00000.pgp
Description: PGP signature