Re: the cold-boot attack - a paper tiger?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello everyone!

To summarize the findings, I would like to distinguish two things:

1.
In case a machine is shut down properly or loops used for encryption are torn down regularly, loop-aes guarantees for the erasure of passphrases and key material stored in DRAM chips. After such a regular unmount, adversary would have to break the encryption, but no key material can be made available from memory chips by simply copying its content. If other encryption suites clear memory from key material is left open at this point.

2.
In case of a crash, reset or loss of power, all key material used for reading of and writing to encrypted volumes remains in DRAM for a certain period of time, depending on ambient temperature. A copy of the decaying memory cells can be made for some time. This situation applies to all kinds of software, operating systems and applications which make use of DRAM. Since this approach emanates from semiconductor physics it cannot be fixed by a software-based workaround.

Conclusions for 1. are:
- loop-aes eliminates key material from memory as Jari has emphasized
- loop devices must be torn down properly
- for software other than loop-aes the situation is unclear

Conclusions for 2. are:
- semiconductor physics poses a theoretical thread to the effectiveness of encryption software
- up-to-date no software is at hand to exploit this fact
- tests with "photorec" on running memory yield thousands of files, but no encryption key
- to make use of semiconductor physics, key material would have to be stored on highly volatile level 1/2 CPU cache

Hopefully this summary can make the issue more concrete and help do avoid unnecessary argumentation. Thanks to Jari for pointing out that loop-aes erases key material if only loops are brought down properly. I appreciate this degree of insight into software. How about "smem"? Kubuntu only features "asmem" as a utilization monitor for memory/buffers.

Best regards,
Peter

-- 
Super-Aktion nur in der GMX Spieleflat: 10 Tage für 1 Euro.
Über 180 Spiele downloaden: http://flat.games.gmx.de

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux