TRESOR

Tresor

Tresor is a secure implementation of AES, delivered as a Linux kernel patch, that moves encryption keys out of RAM (Random Access Memory) and into the CPU debug registers for Full Disk Encryption setups. Its purpose is to prevent Cold Boot Attacks, which are executed on computers that have been turned off: RAM sticks hold their charge for seconds to minutes, potentially leaving encryption keys readable by forensic analysis. This window is extended when the RAM sticks are sprayed with CO2, NOS, or liquid nitrogen, which makes them retain their bit states for an even longer period with low bit decay. Tresor mitigates this by holding the encryption keys in CPU registers, which are flushed instantaneously after power is lost. When you boot into a Tresor kernel, you provide your master encryption key and confirm a hash of that key; the key is then overwritten in RAM and moved into the CPU registers, and the boot process continues as usual.
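After booting a patched kernel, a quick sanity check is to confirm the cipher is actually registered with the kernel crypto API and passed its self-test. The script below is an added example, not part of this wiki page or the Tresor project; the algorithm name `tresor` and the sample `/proc/crypto` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: look up a cipher in /proc/crypto-format text.
# Assumption: the patched kernel registers its cipher under the name "tresor".

# Constructed sample in /proc/crypto layout (not captured from a real system).
sample_proc_crypto() {
cat <<'EOF'
name         : tresor
driver       : tresor-driver
selftest     : passed
type         : cipher
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-generic
selftest     : passed
type         : cipher
min keysize  : 16
max keysize  : 32
EOF
}

# cipher_status NAME: reads /proc/crypto-format text on stdin and prints
# "driver selftest min-max" (key sizes in bytes) for every entry with that
# name. Returns 1 when the kernel has no such algorithm registered.
cipher_status() {
    awk -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function emit() {
            if (f["name"] == want) {
                printf "%s %s %s-%s\n", f["driver"], f["selftest"], f["min keysize"], f["max keysize"]
                found = 1
            }
            split("", f)   # clear the record buffer portably
        }
        /^[ \t]*$/ { emit(); next }          # blank line ends one entry
        { i = index($0, ":")
          if (i) f[trim(substr($0, 1, i - 1))] = trim(substr($0, i + 1)) }
        END { emit(); exit !found }
    '
}

# Demo on the constructed sample; on a live system use:
#   cipher_status tresor < /proc/crypto
sample_proc_crypto | cipher_status tresor
```

A non-zero exit status means the running kernel does not expose the cipher, so any disk mapping would be falling back to a RAM-keyed implementation.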

How To Install

You can either install the Tresor kernel from source or install it from Arch Linux's AUR using yaourt.

  1.  git clone https://aur4.archlinux.org/linux-tresor.git/ && cd linux-tresor/