Re: the cold-boot attack - a paper tiger?
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On 29.05.2008 04:41, Phil wrote: > > --- Phil <philtickle200@xxxxxxxxx> wrote: > > > > > --- Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote: > > > > > > Because loop-aes *is* vulnerable to our attacks. > > > > > > The keying material is in memory when we mount our > > > attack. We were able > > > to reliably extract keys required to decrypt the > > > data on the disk. > > > > > > > So I am right in saying that quitting X and > > overwriting free memory as root with a utility such > > as smem after pulling down the loop will prevent key > > recovery? > > > PS: If so, why doesn't Jari just overwrite the slab > of memory containing the keys when pulling down the > loop? (I previously assumed loop-aes did this). You should read the e-mail Jari wrote. loop-AES does kill the key-material. But you forgot the whole point about the attack: The attacker don't "soft-boot" the computer, he presses the reset-key where the currently running OS (and therefore loop-AES) doesn't get the change to kill the key-material! And the attack also implies that YOU, personally, weren't able to interfere. When you are able to get the computer to soft-boot or switch-off reguarly, loop-AES gets the chance to kill the key-material. Modern computers and i guess most modern Distributions intercept the Power-Off-Button via ACPI and instead of "just switch-off power" they initiate a regular shutdown and soft-power-off afterwards. At least that's what my Debian-SID does by default when the acpid is running. So when someone storms into my room and i am able to press the power-off-button i'm on the safe-side as long as the person doesn't press the reset-key or yanks out the power-cord before loop-AES had the chance to kill the key-material. Bis denn -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/