I will not comment on the feasibility of the attack, but provided that
it works, I would go for the key schedule. You have 10-14 consecutive
round keys (160+ bytes) with equal numbers of 1 and 0 bits. Most memory
does not have this statistical distribution. You can just scan the
memory and print all blocks with a statistical distribution of a key.
It is likely that one of them is the key schedule.
The key schedule is not the key, but since it can be used for decryption
of the data, it is
What distinct string can I look for in these thousands of (text)files to identify key-material of loop-aes?
This may of course provide some false positives, since there may be
other things that produce random data, like for example a ramdisk with
an encrypted or compressed file on it, but it would reduce the possible
keys considerably.
You can also just try all memory words, since it is feasible to test
all of them as the key (or key schedule). A few billion keys is not a
big deal. It amounts to breaking a 32-bit key.
Otherwise I agree with your criticism of the research group. Not
releasing details about an attack is counter to the philosophy of all
open security research.
Linux-crypto: cryptography in and on the Linux system
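
The bit-balance scan described in the post above, as an added example for memory-forensics triage; it is not part of the original post or of loop-AES. The 16-byte step, the tolerance, the distinct-byte filter and the sample image (SHA-256 output standing in for a key schedule and for compressed data) are assumptions constructed for the illustration.

```python
import hashlib

WINDOW = 160       # the post's lower bound: 10 round keys of 16 bytes
STEP = 16          # assumption: schedules are 16-byte aligned
BIT_TOL = 0.08     # assumed tolerance around a 50% share of 1 bits
MIN_DISTINCT = 80  # assumed extra filter; random 160-byte runs show ~119 distinct values

def filler(label, n):
    """Constructed high-entropy bytes (SHA-256 in counter mode), not a real key schedule."""
    out = b"".join(hashlib.sha256(label + bytes([i])).digest() for i in range(n // 32 + 1))
    return out[:n]

def looks_like_key_material(block):
    ones = sum(bin(b).count("1") for b in block)
    balanced = abs(ones / (8 * len(block)) - 0.5) <= BIT_TOL
    return balanced and len(set(block)) >= MIN_DISTINCT

def scan(image):
    """Return offsets of every aligned window that passes both checks."""
    return [off for off in range(0, len(image) - WINDOW + 1, STEP)
            if looks_like_key_material(image[off:off + WINDOW])]

def build_sample_image():
    """Constructed 16 KiB image: zeros, text, a stand-in schedule, a stand-in compressed blob."""
    image = bytearray(16384)
    text = (b"the quick brown fox jumps over the lazy dog\n" * 64)[:2048]
    image[4096:4096 + len(text)] = text
    key_off, blob_off = 8192, 12288
    image[key_off:key_off + 176] = filler(b"schedule", 176)   # 11 round keys
    image[blob_off:blob_off + 512] = filler(b"blob", 512)
    return bytes(image), key_off, blob_off

if __name__ == "__main__":
    image, key_off, blob_off = build_sample_image()
    for off in scan(image):
        tag = "planted schedule" if abs(off - key_off) < 176 else "other random data"
        print(f"candidate at 0x{off:05x} ({tag})")
```

The scan flags both planted regions and nothing in the zeroed or text areas, which matches the post's caveat: other random-looking data passes the same test, so each candidate still has to be checked as a key schedule.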