Deniability - Protecting against cold boot attacks, with RAM encryption (no hardware access!) #37
Labels
No Label
/!\ On Priority - High Quality Tutorial
? Impossible Currently ?
Complex
Doable
Simple
To be improved / simplified / finished / fixed
pushed to prod (1 month external review)
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: nihilist/blog-contributions#37
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
it's the continuation of #36
the closest i found is https://www.cs1.tf.fau.de/research/system-security-group/ramcrypt/ but it seems to require hardware access + an outdated kernel version. NOT possible to do any hardware change when you are using a remote server
brainstormed something but not sure if this can solve the problem (feel free to correct me if it's stupid or not)
moving as much stuff out of RAM as possible into swap, and make that swap LUKS encrypted:
encrypt the swap https://www.tecmint.com/disk-encryption-in-linux/
https://linuxize.com/post/how-to-change-the-swappiness-value-in-linux/
and then forcefully make linux move everything into swap by increasing the swappiness to 100 (and also make sure that the swap is big enough to fit everything!)