Hi,
I encrypt my partitions with AES, but i use a kernel patch called TRESOR wich stores the key outside RAM in the debug registers of the CPUs.
So if i create for example an encrypted container with
Code:
cryptsetup create tresor /dev/loop0 --cipher tresor --key-size 256
it uses aes-cbc-plain for encryption which is not secure against watermarking attacks for example.
So my question is: Could i create an encrypted container with following command?
Code:
cryptsetup create tresor /dev/loop0 --cipher tresor-cbc-essiv:sha256 --key-size 256
I am not sure about it and i didn't find anything about this ...
thanks for your time,
osiris
