Re: the cold-boot attack - a paper tiger?
I will not comment on the feasibility of the attack, but provided that it works, I would go for the key schedule. You have 10-14 consecutive round keys (160+ bytes) with equal probability of 1 and 0 bits. Most memory does not have this statistical distribution. You can just scan the memory and print all blocks with a statistical distribution of a key. It is likely that one of them is the key schedule. The key schedule is not the key, but since it can be used for decryption of the data, it is

What distinct string can I look for in these thousands of (text)files to identify key-material of loop-aes?
This may of course provide some false positives, since there may be other things that produce random data, like for example a ramdisk with an encrypted or compressed file on it, but it would reduce the possible keys considerably. You can also just try all memory words, since it is feasible to test all of them as the key (or key schedule). A few billion keys is not a big deal. It amounts to breaking a 32-bit key.

Otherwise I agree with your critique of the research group. Not releasing details about an attack is counter to the philosophy of all open security research.

-Gisle

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
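
The scan described in the message above, as an added example that is not part of the original post: it slides a 160-byte window over a memory image and keeps the windows in which every bit position is set in about half the bytes, a per-position reading of "equal probability of 1 and 0 bits". The window alignment, the tolerance and the memory image are assumptions; the image is constructed, with SHA-256 output standing in for both a key schedule and an encrypted ramdisk file.

```python
import hashlib

WINDOW = 160     # 10 round keys x 16 bytes, the lower bound given in the post
STEP = 16        # assumption: candidate blocks are 16-byte aligned
TOLERANCE = 0.2  # assumption: allowed deviation from 0.5 per bit position

# One mask per bit position, selecting that bit in every byte of a window.
MASKS = [int.from_bytes(bytes([1 << b]) * WINDOW, "big") for b in range(8)]

def looks_like_key_material(window: bytes) -> bool:
    """True if each of the 8 bit positions is set in roughly half the bytes."""
    n = int.from_bytes(window, "big")
    return all(abs(bin(n & m).count("1") / WINDOW - 0.5) <= TOLERANCE
               for m in MASKS)

def scan(image: bytes) -> list:
    """Offsets of all aligned windows that pass the bit-balance test."""
    return [off for off in range(0, len(image) - WINDOW + 1, STEP)
            if looks_like_key_material(image[off:off + WINDOW])]

def clusters(offsets, gap=WINDOW):
    """Merge neighbouring hits into (first, last) ranges, one per region."""
    out = []
    for off in offsets:
        if out and off - out[-1][1] <= gap:
            out[-1][1] = off
        else:
            out.append([off, off])
    return [tuple(c) for c in out]

def pseudo_random(label: bytes, size: int) -> bytes:
    """Constructed stand-in for schedule/ciphertext bytes (SHA-256, counter mode)."""
    blocks = (hashlib.sha256(label + i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

# Constructed 16 KiB "memory image": ASCII text, a zeroed page, two planted regions.
SCHEDULE_AT, RAMDISK_AT = 2048, 12288
TEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
image = bytearray((TEXT * 400)[:16384])
image[4096:8192] = bytes(4096)
image[SCHEDULE_AT:SCHEDULE_AT + WINDOW] = pseudo_random(b"schedule", WINDOW)
image[RAMDISK_AT:RAMDISK_AT + 1024] = pseudo_random(b"ramdisk", 1024)
IMAGE = bytes(image)

if __name__ == "__main__":
    for first, last in clusters(scan(IMAGE)):
        print(f"candidate region: 0x{first:04x}-0x{last + WINDOW:04x}")
```

Both planted regions are reported, so the stand-in ramdisk data is the kind of false positive the message mentions: the filter narrows the candidates but does not tell a key schedule from other random-looking data.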