Re: the cold-boot attack - a paper tiger?
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
--- Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> wrote: > > 1) gpg and losetup communicate using pipes. losetup > sends passphrase to gpg > using a pipe. gpg sends decrypted key material to > losetup using a pipe. > Last time I looked at mainline pipe code > implementation, it did not > sanitize kernel RAM buffers that were used to > temporarily hold pipe data. > For me personally this has not been a problem > because I run kernels that > sanitize pipe buffers on last close of a pipe. > > 2) When hashing key material, sha512.c functions > sha256_transform() and > sha512_transform() do not explicitly sanitize > stack variables that may > contain data derived from last (65th) IV key > material. In practice, > sensitive stack parts get overwritten by later > stack usage of > losetup/mount programs. > > Other parts of losetup (and mount) always properly > sanitize key material, > excluding 'kill -9' type events. > Catching up on Jari's post - apologies, yahoo mail is not so good for reading this list since it unpredictably treats some posts as spam and dumps them in the bulk folder. Questions: 1. Which kernels sanitize pipe buffers in the way Jari is saying? 2. I was under the impression SIGKILL couldn't be trapped or ignored in C. How then does loop-aes catch a kill -9 and sanitize keys in memory before exiting? - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/